{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.297:15209691): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.297:15209691): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6974781 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.297:15209691): item=0 name=\"/usr/local/bin/python3\" inode=7100313 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.297:15209691): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766398.297:15209691): argc=3 a0=\"python3\" a1=\"-u\" a2=\"/usr/local/src/app/packages/back-end/scripts/stats_server.py\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766398.297:15209691): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.297:15209691): arch=c000003e syscall=59 success=yes exit=0 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=2 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"python3\" exe=\"/usr/local/bin/python3.11\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.322:15209690): proctitle=2F7362696E2F6970006C696E6B"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.322:15209690): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6691347 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.322:15209690): item=0 name=\"/sbin/ip\" inode=6690355 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.322:15209690): cwd=\"/ansible\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766398.322:15209690): argc=2 a0=\"/sbin/ip\" a1=\"link\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766398.322:15209690): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.322:15209690): arch=c000003e syscall=59 success=yes exit=0 a0=73d4c0a6ed80 a1=73d4bf66aed0 a2=73d4bf60fcf0 a3=0 items=2 ppid=437787 pid=437815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209689): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209689): item=0 name=\"/usr/bin/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209689): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209689): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209688): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209688): item=0 name=\"/usr/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209688): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209688): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209687): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209687): item=0 name=\"/usr/libexec/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209687): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209687): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209686): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209686): item=0 name=\"/usr/local/src/app/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209686): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209686): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209685): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209685): item=0 name=\"/usr/local/share/.config/yarn/link/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209685): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209685): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209684): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209684): item=0 name=\"/usr/local/src/app/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209684): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209684): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209683): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209683): item=0 name=\"/tmp/yarn--1777050535293-0.18640072947539443/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209683): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209683): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209682): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209682): item=0 name=\"/usr/bin/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209682): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209682): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209681): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209681): item=0 name=\"/usr/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209681): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209681): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209680): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209680): item=0 name=\"/usr/libexec/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209680): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209680): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.296:15209679): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.296:15209679): item=0 name=\"/usr/local/src/app/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.296:15209679): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.296:15209679): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.295:15209678): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.295:15209678): item=0 name=\"/usr/local/share/.config/yarn/link/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.295:15209678): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.295:15209678): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.295:15209677): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.295:15209677): item=0 name=\"/usr/local/src/app/packages/back-end/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.295:15209677): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.295:15209677): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.295:15209676): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.295:15209676): item=0 name=\"/tmp/yarn--1777050545180-0.6694177499645813/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.295:15209676): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.295:15209676): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162366e0 a2=16331be0 a3=8 items=1 ppid=11492 pid=437814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.267:15209675): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.267:15209675): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.267:15209675): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.267:15209675): cwd=\"/\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766398.267:15209675): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766398.267:15209675): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.267:15209675): arch=c000003e syscall=59 success=yes exit=0 a0=61980ac76990 a1=61980ac989c0 a2=61980ac77860 a3=8 items=2 ppid=437806 pid=437813 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.252:15209674): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.252:15209674): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.252:15209674): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.252:15209674): cwd=\"/\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766398.252:15209674): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766398.252:15209674): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.252:15209674): arch=c000003e syscall=59 success=yes exit=0 a0=61980ac76fe0 a1=61980ac98810 a2=61980ac774a0 a3=8 items=2 ppid=437806 pid=437812 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.242:15209673): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.242:15209673): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.242:15209673): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.242:15209673): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.242:15209673): cwd=\"/\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766398.242:15209673): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766398.242:15209673): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.242:15209673): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c000022aa0 a2=c00013a320 a3=0 items=3 ppid=437794 pid=437806 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.192:15209672): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.192:15209672): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.192:15209672): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.192:15209672): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766398.192:15209672): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.192:15209672): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=437794 pid=437803 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766398.178:15209671): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.178:15209671): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766398.178:15209671): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766398.178:15209671): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766398.178:15209671): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2023813718\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/9cdc901d46ba1a59aad3fb40966d470786592778545654434a6e99a52af615dd.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766398.178:15209671): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b3e40 a1=c0002e7f00 a2=c000276000 a3=0 items=2 ppid=4475 pid=437794 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766397.983:15209670): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F62696E2F616E7369626C65002D2D76657273696F6E"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.983:15209670): item=2 name=\"/lib/ld-musl-x86_64.so.1\" inode=6691347 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.983:15209670): item=1 name=\"/usr/bin/python3\" inode=6867528 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.983:15209670): item=0 name=\"/usr/bin/ansible\" inode=6861055 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766397.983:15209670): cwd=\"/ansible\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766397.983:15209670): argc=3 a0=\"/usr/bin/python3\" a1=\"/usr/bin/ansible\" a2=\"--version\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766397.983:15209670): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766397.983:15209670): arch=c000003e syscall=59 success=yes exit=0 a0=c000027218 a1=c0000a1350 a2=c0001651c0 a3=0 items=3 ppid=437775 pid=437787 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ansible\" exe=\"/usr/bin/python3.12\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766397.942:15209669): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.942:15209669): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.942:15209669): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766397.942:15209669): cwd=\"/var/lib/docker/rootfs/overlayfs/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766397.942:15209669): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766397.942:15209669): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3850 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=437775 pid=437784 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766397.927:15209668): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39613831353961323033333030613437383061616630393634"}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.927:15209668): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.927:15209668): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766397.927:15209668): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766397.927:15209668): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2300658315\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad/34d271694a984ebcd7cc7a700b3f01e71c5776404255ccfa05a83008b07d5cbe.pid\" a14=\"9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-05-02T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766397.927:15209668): arch=c000003e syscall=59 success=yes exit=0 a0=c00031a420 a1=c000350080 a2=c000350100 a3=0 items=2 ppid=2291 pid=437775 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766397.184:15209667): proctitle=6373636C69006D657472696373"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.184:15209667): item=0 name=\"/usr/local/bin/cscli\" inode=7117508 dev=00:65 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766397.184:15209667): cwd=\"/\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766397.184:15209667): argc=2 a0=\"cscli\" a1=\"metrics\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766397.184:15209667): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766397.184:15209667): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271b8 a1=c0000a5350 a2=c0001538f0 a3=0 items=1 ppid=437746 pid=437758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cscli\" exe=\"/usr/local/bin/cscli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766397.148:15209666): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.148:15209666): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.148:15209666): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766397.148:15209666): cwd=\"/var/lib/docker/rootfs/overlayfs/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766397.148:15209666): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766397.148:15209666): arch=c000003e syscall=59 success=yes exit=0 a0=c000245890 a1=c000249350 a2=c00024bc40 a3=0 items=2 ppid=437746 pid=437756 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766397.135:15209665): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653234306233323633613230313433616134643530376535"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.135:15209665): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.135:15209665): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766397.135:15209665): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766397.135:15209665): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process756587817\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/79238c79b7759d0be5e800f0f369b609134a6c732083a693da74363717dbf3a2.pid\" a14=\"6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766397.135:15209665): arch=c000003e syscall=59 success=yes exit=0 a0=c0000989b0 a1=c000235c00 a2=c000235c80 a3=0 items=2 ppid=3555 pid=437746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766397.033:15209664): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.033:15209664): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766397.033:15209664): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766397.033:15209664): cwd=\"/\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766397.033:15209664): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766397.033:15209664): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766397.033:15209664): arch=c000003e syscall=59 success=yes exit=0 a0=633bde1f9ef0 a1=633bde169670 a2=633bdde61970 a3=705c72513e70 items=2 ppid=437737 pid=437743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.993:15209663): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.993:15209663): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.993:15209663): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.993:15209663): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.993:15209663): cwd=\"/\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.993:15209663): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.993:15209663): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.993:15209663): arch=c000003e syscall=59 success=yes exit=0 a0=556521996640 a1=5564eccb89a8 a2=5565219965d8 a3=8 items=3 ppid=437737 pid=437743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.989:15209662): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.989:15209662): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.989:15209662): item=0 name=\"/bin/sh\" inode=6954646 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.989:15209662): cwd=\"/\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.989:15209662): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.989:15209662): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.989:15209662): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c000094120 a3=0 items=2 ppid=437724 pid=437737 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.943:15209661): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.943:15209661): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.943:15209661): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.943:15209661): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.943:15209661): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.943:15209661): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=437724 pid=437733 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.928:15209660): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.928:15209660): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.928:15209660): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.928:15209660): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.928:15209660): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3838039772\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/d951777b992613e19928261d3f22ead3ce528a8464891a954ab68500510d2366.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.928:15209660): arch=c000003e syscall=59 success=yes exit=0 a0=c000408cd0 a1=c0001b8d80 a2=c0001b8e00 a3=0 items=2 ppid=4084 pid=437724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.489:15209659): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.489:15209659): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.489:15209659): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.489:15209659): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.489:15209659): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.489:15209659): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.489:15209659): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=437722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.489:15209658): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.489:15209658): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.489:15209658): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.489:15209658): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.489:15209657): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.489:15209657): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.489:15209657): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.489:15209657): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.489:15209656): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.489:15209656): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.489:15209656): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.489:15209656): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.489:15209655): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.489:15209655): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.489:15209655): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.489:15209655): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.489:15209654): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.489:15209654): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.489:15209654): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.489:15209654): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.489:15209653): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.489:15209653): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.489:15209653): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.489:15209653): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.486:15209652): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.486:15209652): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.486:15209652): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.486:15209652): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.486:15209652): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.486:15209652): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.486:15209652): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=437721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.486:15209651): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.486:15209651): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.486:15209651): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.486:15209651): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.486:15209650): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.486:15209650): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.486:15209650): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.486:15209650): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.486:15209649): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.486:15209649): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.486:15209649): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.486:15209649): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.486:15209648): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.486:15209648): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.486:15209648): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.486:15209648): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.486:15209647): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.486:15209647): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.486:15209647): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.486:15209647): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.486:15209646): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.486:15209646): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.486:15209646): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.486:15209646): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.483:15209645): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.483:15209645): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.483:15209645): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.483:15209645): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.483:15209645): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.483:15209645): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.483:15209645): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=437720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.483:15209644): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.483:15209644): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.483:15209644): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.483:15209644): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.483:15209643): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.483:15209643): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.483:15209643): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.483:15209643): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.483:15209642): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.483:15209642): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.483:15209642): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.483:15209642): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.483:15209641): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.483:15209641): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.483:15209641): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.483:15209641): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.483:15209640): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.483:15209640): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.483:15209640): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.483:15209640): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.483:15209639): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.483:15209639): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.483:15209639): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.483:15209639): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.363:15209637): proctitle=707300617578"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.363:15209637): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.363:15209637): item=0 name=\"/usr/bin/ps\" inode=8576698 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.363:15209637): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.363:15209638): proctitle=677265700077696E646D696C6C"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.363:15209637): argc=2 a0=\"ps\" a1=\"aux\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.363:15209638): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.363:15209637): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.363:15209638): item=0 name=\"/usr/bin/grep\" inode=8524666 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.363:15209638): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.363:15209638): argc=2 a0=\"grep\" a1=\"windmill\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.363:15209638): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.363:15209638): arch=c000003e syscall=59 success=yes exit=0 a0=5ddd704458a8 a1=5ddd70445800 a2=5ddd70445818 a3=59c2fc8fb8bc7552 items=2 ppid=437712 pid=437719 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/usr/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.363:15209637): arch=c000003e syscall=59 success=yes exit=0 a0=5ddd70445888 a1=5ddd704457e0 a2=5ddd704457f8 a3=59c2fc8fb8bc7552 items=2 ppid=437712 pid=437718 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ps\" exe=\"/usr/bin/ps\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.359:15209636): proctitle=2F62696E2F7368002D6300707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.359:15209636): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.359:15209636): item=0 name=\"/bin/sh\" inode=8524584 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.359:15209636): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.359:15209636): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.359:15209636): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.359:15209636): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f50 a1=c000022680 a2=c000114a20 a3=0 items=2 ppid=437700 pid=437712 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.311:15209635): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.311:15209635): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.311:15209635): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.311:15209635): cwd=\"/var/lib/docker/rootfs/overlayfs/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.311:15209635): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.311:15209635): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=437700 pid=437709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.297:15209634): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62656261316135343465353638666532353862333635333666"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.297:15209634): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.297:15209634): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.297:15209634): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.297:15209634): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3739335868\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/f7e357974b4c6f354fcbac54b823b689c27ce0f5565856f5e88747c9e7ca1fcb.pid\" a14=\"beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.297:15209634): arch=c000003e syscall=59 success=yes exit=0 a0=c000010ad0 a1=c00031d800 a2=c00031d880 a3=0 items=2 ppid=4241 pid=437700 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.229:15209633): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.229:15209633): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.229:15209633): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.229:15209633): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.229:15209633): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.229:15209633): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.229:15209633): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e4a0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=437699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.229:15209632): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.229:15209632): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.229:15209632): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.229:15209632): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.229:15209631): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.229:15209631): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.229:15209631): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.229:15209631): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.229:15209630): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.229:15209630): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.229:15209630): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.229:15209630): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.229:15209629): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.229:15209629): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.229:15209629): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.229:15209629): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.228:15209628): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.228:15209628): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.228:15209628): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.228:15209628): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.228:15209627): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.228:15209627): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.228:15209627): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.228:15209627): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.226:15209626): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.226:15209626): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.226:15209626): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.226:15209626): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.226:15209626): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.226:15209626): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.226:15209626): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e4c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=437698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.226:15209625): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.226:15209625): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.226:15209625): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.226:15209625): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.226:15209624): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.226:15209624): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.226:15209624): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.226:15209624): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.226:15209623): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.226:15209623): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.226:15209623): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.226:15209623): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.226:15209622): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.226:15209622): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.226:15209622): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.226:15209622): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.226:15209621): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.226:15209621): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.226:15209621): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.226:15209621): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.225:15209620): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.225:15209620): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.225:15209620): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.225:15209620): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e4c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.223:15209619): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.223:15209619): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.223:15209619): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.223:15209619): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766396.223:15209619): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766396.223:15209619): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.223:15209619): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=437697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.223:15209618): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.223:15209618): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.223:15209618): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.223:15209618): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.223:15209617): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.223:15209617): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.223:15209617): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.223:15209617): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.223:15209616): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.223:15209616): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.223:15209616): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.223:15209616): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.223:15209615): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.223:15209615): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.223:15209615): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.223:15209615): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.223:15209614): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.223:15209614): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.223:15209614): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.223:15209614): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766396.223:15209613): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766396.223:15209613): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766396.223:15209613): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766396.223:15209613): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.326:15209612): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.326:15209612): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.326:15209612): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.326:15209612): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766395.326:15209612): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.326:15209612): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b860 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=437678 pid=437688 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.311:15209611): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.311:15209611): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.311:15209611): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.311:15209611): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766395.311:15209611): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1102418635\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/5a7554c0ca8b7a4201d17b5eef16af0eb666572513106a8861f444debc2be8d1.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.311:15209611): arch=c000003e syscall=59 success=yes exit=0 a0=c000343a20 a1=c000376100 a2=c000376180 a3=0 items=2 ppid=4374 pid=437678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.164:15209610): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.164:15209610): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.164:15209610): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.164:15209610): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766395.164:15209610): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766395.164:15209610): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.164:15209610): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800bc0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=437677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.164:15209609): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.164:15209609): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.164:15209609): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.164:15209609): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800bc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.164:15209608): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.164:15209608): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.164:15209608): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.164:15209608): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800bc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.164:15209607): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.164:15209607): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.164:15209607): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.164:15209607): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800bc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.164:15209606): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.164:15209606): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.164:15209606): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.164:15209606): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800bc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.164:15209605): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.164:15209605): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.164:15209605): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.164:15209605): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800bc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.164:15209604): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.164:15209604): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.164:15209604): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.164:15209604): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800bc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.162:15209603): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.162:15209603): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.162:15209603): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.162:15209603): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766395.162:15209603): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766395.162:15209603): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.162:15209603): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=437676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.162:15209602): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.162:15209602): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.162:15209602): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.162:15209602): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.161:15209601): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.161:15209601): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.161:15209601): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.161:15209601): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.161:15209600): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.161:15209600): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.161:15209600): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.161:15209600): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.161:15209599): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.161:15209599): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.161:15209599): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.161:15209599): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.161:15209598): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.161:15209598): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.161:15209598): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.161:15209598): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.161:15209597): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.161:15209597): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.161:15209597): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.161:15209597): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.158:15209596): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.158:15209596): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.158:15209596): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.158:15209596): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766395.158:15209596): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766395.158:15209596): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.158:15209596): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=437675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.158:15209595): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.158:15209595): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.158:15209595): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.158:15209595): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.158:15209594): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.158:15209594): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.158:15209594): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.158:15209594): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.158:15209593): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.158:15209593): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.158:15209593): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.158:15209593): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.158:15209592): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.158:15209592): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.158:15209592): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.158:15209592): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.158:15209591): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.158:15209591): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.158:15209591): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.158:15209591): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766395.158:15209590): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766395.158:15209590): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766395.158:15209590): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766395.158:15209590): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766394.528:15209589): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766394.528:15209589): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766394.528:15209589): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766394.528:15209589): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766394.528:15209589): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766394.528:15209589): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766394.528:15209589): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=437654 pid=437667 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766394.483:15209588): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766394.483:15209588): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766394.483:15209588): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766394.483:15209588): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766394.483:15209588): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766394.483:15209588): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=437654 pid=437663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766394.469:15209587): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766394.469:15209587): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766394.469:15209587): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766394.469:15209587): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766394.469:15209587): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1715677133\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/4dc2ce136c5568ec461ddee51a59c061d6a5fdb800e93c95910724e1e8458c24.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766394.469:15209587): arch=c000003e syscall=59 success=yes exit=0 a0=c000275d80 a1=c0001b3d00 a2=c0001b3d80 a3=0 items=2 ppid=2767 pid=437654 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.485:15209586): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.485:15209586): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.485:15209586): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.485:15209586): cwd=\"/\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.485:15209586): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766393.485:15209586): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.485:15209586): arch=c000003e syscall=59 success=yes exit=0 a0=5826839c2980 a1=582683d34510 a2=582683996970 a3=769ad7c50e70 items=2 ppid=437646 pid=437652 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.448:15209585): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.448:15209585): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.448:15209585): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.448:15209585): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.448:15209585): cwd=\"/\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.448:15209585): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766393.448:15209585): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.448:15209585): arch=c000003e syscall=59 success=yes exit=0 a0=555ec7f89678 a1=555ec7f895e0 a2=555ec7f89610 a3=8 items=3 ppid=437646 pid=437652 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.443:15209584): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.443:15209584): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.443:15209584): item=0 name=\"/bin/sh\" inode=5580787 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.443:15209584): cwd=\"/\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.443:15209584): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766393.443:15209584): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.443:15209584): arch=c000003e syscall=59 success=yes exit=0 a0=c000194eb0 a1=c000022680 a2=c000025260 a3=0 items=2 ppid=4402 pid=437646 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.400:15209583): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.400:15209583): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.400:15209583): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.400:15209583): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.400:15209583): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.400:15209583): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=437634 pid=437644 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.385:15209582): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.385:15209582): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.385:15209582): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.385:15209582): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.385:15209582): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2581576320\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/44de0672fb1f63f0a498f9704f72f83f663975542cc821e9bacaa59164e08d52.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.385:15209582): arch=c000003e syscall=59 success=yes exit=0 a0=c00048ce10 a1=c000382100 a2=c000382180 a3=0 items=2 ppid=4402 pid=437634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.191:15209581): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.191:15209581): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.191:15209581): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.191:15209581): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.191:15209581): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766393.191:15209581): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.191:15209581): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d3350 a2=c0000db1c0 a3=0 items=2 ppid=437594 pid=437619 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.192:15209580): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.192:15209580): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.192:15209580): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.192:15209580): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.192:15209580): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766393.192:15209580): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.192:15209580): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=437595 pid=437624 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.147:15209579): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.147:15209579): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.147:15209579): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.147:15209579): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.147:15209579): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.147:15209579): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=437595 pid=437615 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.145:15209578): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.145:15209578): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.145:15209578): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.145:15209578): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.145:15209578): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.145:15209578): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=437594 pid=437609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.133:15209577): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.133:15209577): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.133:15209577): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.133:15209577): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.133:15209577): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2435477279\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/9db1bf5beed6d66b2f1e8b861feb03a25cdaf42881d318438cbbed2842100852.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.133:15209577): arch=c000003e syscall=59 success=yes exit=0 a0=c000407190 a1=c0003e0a00 a2=c0003e0a80 a3=0 items=2 ppid=3759 pid=437595 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.130:15209576): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.130:15209576): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.130:15209576): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.130:15209576): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.130:15209576): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1568389294\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/12786649cc9e13b5dabcebeb0826827bbdeaac645baf6550f9f76fcab33ac648.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.130:15209576): arch=c000003e syscall=59 success=yes exit=0 a0=c000495060 a1=c0002bca80 a2=c0002bcb00 a3=0 items=2 ppid=2638 pid=437594 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766393.017:15209575): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.017:15209575): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766393.017:15209575): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766393.017:15209575): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766393.017:15209575): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766393.017:15209575): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766393.017:15209575): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d5350 a2=c0000dd1c0 a3=0 items=2 ppid=3571 pid=437586 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.973:15209574): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.973:15209574): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.973:15209574): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.973:15209574): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.973:15209574): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.973:15209574): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=437574 pid=437583 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.960:15209573): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.960:15209573): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.960:15209573): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.960:15209573): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.960:15209573): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2680517060\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/4788f948001175094a627b387b3df7cd88d118eb2a135fb8eb181930cb45a661.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.960:15209573): arch=c000003e syscall=59 success=yes exit=0 a0=c00024e8f0 a1=c000394880 a2=c000394900 a3=0 items=2 ppid=3571 pid=437574 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.771:15209572): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.771:15209572): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.771:15209572): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.771:15209572): cwd=\"/\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.771:15209572): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766392.771:15209572): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.771:15209572): arch=c000003e syscall=59 success=yes exit=0 a0=7864c7065278 a1=7864c70651d8 a2=7864c70651f8 a3=8080808080808080 items=2 ppid=3558 pid=437563 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.766:15209571): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.766:15209571): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.766:15209571): item=0 name=\"/bin/sh\" inode=8589166 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.766:15209571): cwd=\"/\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.766:15209571): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766392.766:15209571): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.766:15209571): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=3558 pid=437563 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.768:15209570): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.768:15209570): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.768:15209570): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.768:15209570): cwd=\"/\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.768:15209570): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766392.768:15209570): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.768:15209570): arch=c000003e syscall=59 success=yes exit=0 a0=71114a0e63f8 a1=71114a0e6290 a2=71114a0e6378 a3=0 items=2 ppid=3688 pid=437557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.765:15209569): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.765:15209569): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.765:15209569): item=0 name=\"/bin/sh\" inode=8589166 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.765:15209569): cwd=\"/\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.765:15209569): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766392.765:15209569): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.765:15209569): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=437532 pid=437557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.722:15209568): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.722:15209568): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.722:15209568): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.722:15209568): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.722:15209568): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.722:15209568): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=437533 pid=437553 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.719:15209567): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.719:15209567): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.719:15209567): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.719:15209567): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.719:15209567): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.719:15209567): arch=c000003e syscall=59 success=yes exit=0 a0=c0001fd840 a1=c000201338 a2=c000203c40 a3=0 items=2 ppid=437532 pid=437547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.701:15209566): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.701:15209566): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.701:15209566): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.701:15209566): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.701:15209566): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3620351528\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/b3010f60bc0e14d56ec16ad93a38b9baeeaf75c3df1d77ec210b9622df06269b.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.701:15209566): arch=c000003e syscall=59 success=yes exit=0 a0=c0004291d0 a1=c00017fc00 a2=c00017fd80 a3=0 items=2 ppid=3558 pid=437533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.700:15209565): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.700:15209565): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.700:15209565): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.700:15209565): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.700:15209565): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process993176110\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/d08def0350e1a1bceeb8117b7bedeb9c31a7504b77fed09721fbfd4de4bbc606.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.700:15209565): arch=c000003e syscall=59 success=yes exit=0 a0=c0002bfe30 a1=c0003ee200 a2=c0003ee280 a3=0 items=2 ppid=3688 pid=437532 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.379:15209564): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.379:15209564): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.379:15209564): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.379:15209564): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.379:15209564): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766392.379:15209564): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.379:15209564): arch=c000003e syscall=59 success=yes exit=0 a0=7f3a58911408 a1=7f3a589113b0 a2=7f3a589113d8 a3=8080808080808080 items=2 ppid=437524 pid=437531 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.376:15209563): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.376:15209563): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.376:15209563): item=0 name=\"/bin/sh\" inode=3454556 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.376:15209563): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.376:15209563): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766392.376:15209563): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.376:15209563): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=437512 pid=437524 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.332:15209562): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.332:15209562): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.332:15209562): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.332:15209562): cwd=\"/var/lib/docker/rootfs/overlayfs/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.332:15209562): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.332:15209562): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=437512 pid=437521 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.318:15209561): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39643939386566316561636233623037366361306461343235"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.318:15209561): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.318:15209561): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.318:15209561): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.318:15209561): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2853497979\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/fd41b7f30b3a267f2df9ca5e6602192c5d4273938c6a8de3abfd3e464ffc1d58.pid\" a14=\"9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.318:15209561): arch=c000003e syscall=59 success=yes exit=0 a0=c000011970 a1=c0000f5400 a2=c0000f5480 a3=0 items=2 ppid=2253 pid=437512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.205:15209560): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.205:15209560): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.205:15209560): item=0 name=\"/bin/grep\" inode=6832538 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.205:15209560): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.205:15209560): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766392.205:15209560): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.205:15209560): arch=c000003e syscall=59 success=yes exit=0 a0=5740b5d0f758 a1=5740a65d6990 a2=5740b5d0f6e8 a3=8 items=2 ppid=437505 pid=437511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.202:15209559): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.202:15209559): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.202:15209559): item=0 name=\"/bin/sh\" inode=6832457 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.202:15209559): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.202:15209559): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766392.202:15209559): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.202:15209559): arch=c000003e syscall=59 success=yes exit=0 a0=c000194ee8 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=437493 pid=437505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.154:15209558): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.154:15209558): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.154:15209558): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.154:15209558): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.154:15209558): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.154:15209558): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=437493 pid=437503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766392.141:15209557): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.141:15209557): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766392.141:15209557): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766392.141:15209557): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766392.141:15209557): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2554327690\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/ac3288936d569e7572fb464ae86687fea3e97de93ef2f761f69bad8bbb8e89ef.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-05-02T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766392.141:15209557): arch=c000003e syscall=59 success=yes exit=0 a0=c0003bc750 a1=c00030ce00 a2=c00030cf00 a3=0 items=2 ppid=4578 pid=437493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.569:15209556): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.569:15209556): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.569:15209556): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.569:15209556): cwd=\"/\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.569:15209556): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.569:15209556): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.569:15209556): arch=c000003e syscall=59 success=yes exit=0 a0=7a84152e6278 a1=7a84152e61d8 a2=7a84152e61f8 a3=8080808080808080 items=2 ppid=437461 pid=437481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.566:15209555): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.566:15209555): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.566:15209555): item=0 name=\"/bin/sh\" inode=8589166 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.566:15209555): cwd=\"/\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.566:15209555): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.566:15209555): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.566:15209555): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=437461 pid=437481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.520:15209554): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.520:15209554): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.520:15209554): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.520:15209554): cwd=\"/\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.520:15209554): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.520:15209554): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.520:15209554): arch=c000003e syscall=59 success=yes exit=0 a0=72209fc0a3f8 a1=72209fc0a278 a2=72209fc0a378 a3=0 items=2 ppid=3652 pid=437462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.513:15209553): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.513:15209553): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.513:15209553): item=0 name=\"/bin/sh\" inode=3454556 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.513:15209553): cwd=\"/\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.513:15209553): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.513:15209553): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.513:15209553): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a6f68 a1=c000022680 a2=c0001588c0 a3=0 items=2 ppid=437448 pid=437462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.492:15209552): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.492:15209552): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.492:15209552): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.492:15209552): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.492:15209552): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.492:15209552): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=437461 pid=437477 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.468:15209551): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.468:15209551): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.468:15209551): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.468:15209551): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.468:15209551): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process583645913\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/eb083a7da98c79e3c121741a1de12aba394a9d00eca306f9150f360d6dd50eac.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.468:15209551): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ac10 a1=c0003b0700 a2=c0003b0780 a3=0 items=2 ppid=3626 pid=437461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.461:15209550): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.461:15209550): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.461:15209550): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.461:15209550): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.461:15209550): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.461:15209550): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=437448 pid=437457 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.446:15209549): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.446:15209549): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.446:15209549): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.446:15209549): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.446:15209549): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3283770801\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/cbfccc1885a8b712488971bd3d1e0516e439dbe4c80ae162a60a6bf2f2547d6d.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.446:15209549): arch=c000003e syscall=59 success=yes exit=0 a0=c000099fc0 a1=c0002ec080 a2=c0002ed080 a3=0 items=2 ppid=3652 pid=437448 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.432:15209548): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.432:15209548): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.432:15209548): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.432:15209548): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.432:15209548): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.432:15209548): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.432:15209548): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=437447 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.432:15209547): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.432:15209547): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.432:15209547): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.432:15209547): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437447 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.432:15209546): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.432:15209546): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.432:15209546): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.432:15209546): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437447 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.432:15209545): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.432:15209545): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.432:15209545): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.432:15209545): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437447 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.432:15209544): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.432:15209544): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.432:15209544): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.432:15209544): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437447 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.432:15209543): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.432:15209543): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.432:15209543): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.432:15209543): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437447 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.432:15209542): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.432:15209542): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.432:15209542): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.432:15209542): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dc40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437447 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.429:15209541): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.429:15209541): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.429:15209541): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.429:15209541): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.429:15209541): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.429:15209541): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.429:15209541): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660c022dea0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=437446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.429:15209540): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.429:15209540): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.429:15209540): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.429:15209540): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dea0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.429:15209539): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.429:15209539): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.429:15209539): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.429:15209539): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dea0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.429:15209538): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.429:15209538): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.429:15209538): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.429:15209538): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dea0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.429:15209537): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.429:15209537): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.429:15209537): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.429:15209537): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dea0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.429:15209536): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.429:15209536): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.429:15209536): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.429:15209536): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dea0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.429:15209535): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.429:15209535): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.429:15209535): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.429:15209535): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dea0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.426:15209534): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.426:15209534): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.426:15209534): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.426:15209534): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.426:15209534): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.426:15209534): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.426:15209534): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=437445 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.426:15209533): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.426:15209533): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.426:15209533): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.426:15209533): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437445 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.426:15209532): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.426:15209532): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.426:15209532): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.426:15209532): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437445 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.426:15209531): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.426:15209531): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.426:15209531): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.426:15209531): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437445 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.426:15209530): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.426:15209530): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.426:15209530): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.426:15209530): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437445 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.426:15209529): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.426:15209529): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.426:15209529): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.426:15209529): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437445 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.426:15209528): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.426:15209528): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.426:15209528): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.426:15209528): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437445 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.169:15209527): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.169:15209527): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.169:15209527): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.169:15209527): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.169:15209527): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.169:15209527): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.169:15209527): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=437444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.169:15209526): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.169:15209526): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.169:15209526): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.169:15209526): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.169:15209525): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.169:15209525): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.169:15209525): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.169:15209525): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.169:15209524): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.169:15209524): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.169:15209524): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.169:15209524): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.169:15209523): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.169:15209523): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.169:15209523): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.169:15209523): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.169:15209522): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.169:15209522): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.169:15209522): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.169:15209522): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.169:15209521): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.169:15209521): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.169:15209521): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.169:15209521): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.165:15209520): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.165:15209520): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.165:15209520): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.165:15209520): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.165:15209520): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.165:15209520): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.165:15209520): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=437443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.165:15209519): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.165:15209519): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.165:15209519): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.165:15209519): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.165:15209518): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.165:15209518): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.165:15209518): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.165:15209518): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.165:15209517): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.165:15209517): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.165:15209517): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.165:15209517): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.165:15209516): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.165:15209516): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.165:15209516): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.165:15209516): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.165:15209515): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.165:15209515): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.165:15209515): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.165:15209515): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.165:15209514): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.165:15209514): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.165:15209514): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.165:15209514): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.162:15209513): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.162:15209513): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.162:15209513): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.162:15209513): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766390.162:15209513): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766390.162:15209513): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.162:15209513): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e320 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=437442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.162:15209512): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.162:15209512): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.162:15209512): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.162:15209512): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e320 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.162:15209511): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.162:15209511): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.162:15209511): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.162:15209511): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e320 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.162:15209510): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.162:15209510): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.162:15209510): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.162:15209510): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e320 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.162:15209509): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.162:15209509): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.162:15209509): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.162:15209509): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e320 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.162:15209508): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.162:15209508): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.162:15209508): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.162:15209508): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e320 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766390.162:15209507): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766390.162:15209507): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766390.162:15209507): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766390.162:15209507): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e320 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.592:15209506): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.592:15209506): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.592:15209506): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.592:15209506): cwd=\"/\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.592:15209506): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766389.592:15209506): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.592:15209506): arch=c000003e syscall=59 success=yes exit=0 a0=72440bed4288 a1=72440bed41e8 a2=72440bed4208 a3=0 items=2 ppid=3223 pid=437427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.592:15209505): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.592:15209505): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.592:15209505): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.592:15209505): cwd=\"/\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.592:15209505): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766389.592:15209505): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.592:15209505): arch=c000003e syscall=59 success=yes exit=0 a0=77a540550288 a1=77a5405501e8 a2=77a540550208 a3=0 items=2 ppid=3630 pid=437428 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.589:15209504): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.589:15209504): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.589:15209504): item=0 name=\"/bin/sh\" inode=8589166 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.589:15209504): cwd=\"/\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.589:15209504): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766389.589:15209504): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.589:15209503): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.589:15209503): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.589:15209503): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.589:15209503): cwd=\"/\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.589:15209503): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766389.589:15209503): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.589:15209504): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=3223 pid=437427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.589:15209503): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf48 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=437402 pid=437428 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.541:15209502): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.541:15209502): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.541:15209502): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.541:15209502): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.541:15209502): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.541:15209502): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=437402 pid=437421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.540:15209501): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.540:15209501): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.540:15209501): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:c8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.540:15209501): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.540:15209501): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.540:15209501): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=437401 pid=437416 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.524:15209499): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.524:15209500): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.524:15209499): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.524:15209500): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.524:15209499): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.524:15209500): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.524:15209499): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.524:15209500): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.524:15209499): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1794521244\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/f3218bec8a00b9fc80ba29de0573b90a7ff124823a08bfb33676fc4706a3772d.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.524:15209500): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3415014172\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/5c4d0c8debf99a45e2bfb5ebb92da667728c8837e3904acce2a9238d8d164d68.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.524:15209500): arch=c000003e syscall=59 success=yes exit=0 a0=c00040af80 a1=c0002bdd00 a2=c0002bdd80 a3=0 items=2 ppid=3630 pid=437402 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.524:15209499): arch=c000003e syscall=59 success=yes exit=0 a0=c0001dd250 a1=c00036b900 a2=c00036b980 a3=0 items=2 ppid=3223 pid=437401 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.142:15209498): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.142:15209498): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.142:15209498): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.142:15209498): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.142:15209498): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766389.142:15209498): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.142:15209498): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=437400 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.142:15209497): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.142:15209497): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.142:15209497): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.142:15209497): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437400 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.142:15209496): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.142:15209496): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.142:15209496): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.142:15209496): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437400 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.142:15209495): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.142:15209495): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.142:15209495): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.142:15209495): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437400 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.142:15209494): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.142:15209494): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.142:15209494): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.142:15209494): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437400 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.142:15209493): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.142:15209493): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.142:15209493): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.142:15209493): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437400 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.142:15209492): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.142:15209492): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.142:15209492): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.142:15209492): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437400 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.139:15209491): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.139:15209491): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.139:15209491): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.139:15209491): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.139:15209491): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766389.139:15209491): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.139:15209491): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800be0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=437399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.139:15209490): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.139:15209490): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.139:15209490): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.139:15209490): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800be0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.139:15209489): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.139:15209489): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.139:15209489): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.139:15209489): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800be0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.139:15209488): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.139:15209488): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.139:15209488): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.139:15209488): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800be0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.139:15209487): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.139:15209487): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.139:15209487): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.139:15209487): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800be0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.139:15209486): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.139:15209486): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.139:15209486): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.139:15209486): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800be0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.139:15209485): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.139:15209485): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.139:15209485): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.139:15209485): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800be0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.136:15209484): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.136:15209484): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.136:15209484): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.136:15209484): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.136:15209484): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766389.136:15209484): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.136:15209484): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=437398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.136:15209483): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.136:15209483): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.136:15209483): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.136:15209483): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.136:15209482): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.136:15209482): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.136:15209482): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.136:15209482): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.136:15209481): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.136:15209481): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.136:15209481): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.136:15209481): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.136:15209480): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.136:15209480): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.136:15209480): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.136:15209480): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.136:15209479): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.136:15209479): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.136:15209479): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.136:15209479): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.136:15209478): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.136:15209478): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.136:15209478): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.136:15209478): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.030:15209477): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.030:15209477): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.030:15209477): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.030:15209477): cwd=\"/\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.030:15209477): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766389.030:15209477): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.030:15209477): arch=c000003e syscall=59 success=yes exit=0 a0=79327787c288 a1=79327787c1e8 a2=79327787c208 a3=0 items=2 ppid=4000 pid=437391 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766389.027:15209476): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.027:15209476): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766389.027:15209476): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766389.027:15209476): cwd=\"/\""}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766389.027:15209476): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766389.027:15209476): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766389.027:15209476): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf38 a1=c000022ac0 a2=c0000b48c0 a3=0 items=2 ppid=437379 pid=437391 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.971:15209475): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.971:15209475): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.971:15209475): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.971:15209475): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.971:15209475): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.971:15209475): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=437379 pid=437388 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.955:15209474): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.955:15209474): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.955:15209474): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.955:15209474): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.955:15209474): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3392265635\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/325157f2983ca7430c03946a6a705bd7f30db77ab5f8313d3438c9139c5f288c.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.955:15209474): arch=c000003e syscall=59 success=yes exit=0 a0=c00035de80 a1=c0000a7c80 a2=c0000a7d00 a3=0 items=2 ppid=4000 pid=437379 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.792:15209473): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.792:15209473): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.792:15209473): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.792:15209473): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.792:15209473): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766388.792:15209473): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.792:15209473): arch=c000003e syscall=59 success=yes exit=0 a0=57345b1c79a0 a1=57345b1c8280 a2=57345b1c4300 a3=8 items=2 ppid=437375 pid=437377 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.792:15209472): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.792:15209472): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.792:15209472): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.792:15209472): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.792:15209472): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766388.792:15209472): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.792:15209472): arch=c000003e syscall=59 success=yes exit=0 a0=57345b1c79d0 a1=57345b1c82b0 a2=57345b1c4300 a3=8 items=2 ppid=437375 pid=437376 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.782:15209471): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.782:15209471): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.782:15209471): item=1 name=\"/bin/bash\" inode=6954383 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.782:15209471): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.782:15209471): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.782:15209471): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766388.782:15209471): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.782:15209471): arch=c000003e syscall=59 success=yes exit=0 a0=c000027518 a1=c00002ae00 a2=c0000bbe00 a3=0 items=3 ppid=437356 pid=437369 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.686:15209470): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.686:15209470): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.686:15209470): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.686:15209470): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.686:15209470): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.686:15209470): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=437356 pid=437366 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.638:15209469): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.638:15209469): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.638:15209469): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.638:15209469): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.638:15209469): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process458494605\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/ed40be5b69aa0d6959b0155e1e5da5fd2059e329d569e7c668740f26f43a5680.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.638:15209469): arch=c000003e syscall=59 success=yes exit=0 a0=c000215c10 a1=c00030e100 a2=c00030ef00 a3=0 items=2 ppid=4295 pid=437356 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.155:15209468): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.155:15209468): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.155:15209468): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.155:15209468): cwd=\"/\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.155:15209468): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766388.155:15209468): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.155:15209468): arch=c000003e syscall=59 success=yes exit=0 a0=57a3fe98f990 a1=57a3fe9b19c0 a2=57a3fe990860 a3=8 items=2 ppid=437348 pid=437355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.142:15209467): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.142:15209467): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.142:15209467): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.142:15209467): cwd=\"/\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.142:15209467): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766388.142:15209467): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.142:15209467): arch=c000003e syscall=59 success=yes exit=0 a0=57a3fe98ffe0 a1=57a3fe9b1810 a2=57a3fe9904a0 a3=8 items=2 ppid=437348 pid=437354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.133:15209466): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.133:15209466): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.133:15209466): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.133:15209466): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.133:15209466): cwd=\"/\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.133:15209466): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766388.133:15209466): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.133:15209466): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c0000de320 a3=0 items=3 ppid=4475 pid=437348 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.087:15209465): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.087:15209465): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.087:15209465): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.087:15209465): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.087:15209465): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.087:15209465): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=437336 pid=437345 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766388.074:15209464): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.074:15209464): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766388.074:15209464): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766388.074:15209464): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766388.074:15209464): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process676756318\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/d046220179fc7bb5a94a7763dad6f7c4101a871b438e07aac50d5d4e27651658.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766388.074:15209464): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b3ca0 a1=c0000fff00 a2=c0002e7500 a3=0 items=2 ppid=4475 pid=437336 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766386.901:15209463): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.901:15209463): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.901:15209463): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766386.901:15209463): cwd=\"/\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766386.901:15209463): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766386.901:15209463): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766386.901:15209463): arch=c000003e syscall=59 success=yes exit=0 a0=5d1551b0f700 a1=5d15517892c0 a2=5d1551778970 a3=71761f2e9e70 items=2 ppid=437324 pid=437331 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766386.857:15209462): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.857:15209462): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.857:15209462): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.857:15209462): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766386.857:15209462): cwd=\"/\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766386.857:15209462): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766386.857:15209462): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766386.857:15209462): arch=c000003e syscall=59 success=yes exit=0 a0=634c1110a640 a1=634bf2a879a8 a2=634c1110a5d8 a3=8 items=3 ppid=437324 pid=437331 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766386.847:15209461): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.847:15209461): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.847:15209461): item=0 name=\"/bin/sh\" inode=6954646 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766386.847:15209461): cwd=\"/\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766386.847:15209461): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766386.847:15209461): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766386.847:15209461): arch=c000003e syscall=59 success=yes exit=0 a0=c000194eb0 a1=c000022680 a2=c000025200 a3=0 items=2 ppid=4084 pid=437324 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766386.804:15209460): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.804:15209460): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.804:15209460): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766386.804:15209460): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766386.804:15209460): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766386.804:15209460): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=437312 pid=437322 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766386.789:15209459): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.789:15209459): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766386.789:15209459): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766386.789:15209459): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766386.789:15209459): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1605946316\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/b59edbdb312f90ec9657eedfb95fa39f4edb90a321725370bd927d86df98bb1e.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766386.789:15209459): arch=c000003e syscall=59 success=yes exit=0 a0=c000408ba0 a1=c0001b8a00 a2=c0001b8a80 a3=0 items=2 ppid=4084 pid=437312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.869:15209458): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6865616C74687A"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.869:15209458): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.869:15209458): item=0 name=\"/usr/bin/curl\" inode=8530521 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.869:15209458): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.869:15209458): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/healthz\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766385.869:15209458): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.869:15209458): arch=c000003e syscall=59 success=yes exit=0 a0=c00017af50 a1=c000022ac0 a2=c0000f0a20 a3=0 items=2 ppid=437292 pid=437304 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.829:15209457): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.829:15209457): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.829:15209457): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.829:15209457): cwd=\"/var/lib/docker/rootfs/overlayfs/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.829:15209457): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.829:15209457): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f5850 a1=c0001f9338 a2=c0001fbc40 a3=0 items=2 ppid=437292 pid=437302 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.815:15209456): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F38356235343563353034636436343865393665363262346261"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.815:15209456): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.815:15209456): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.815:15209456): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.815:15209456): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process469245319\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/34489144f13c20dd55ab51d0eb93ff1ed57cb187cea208759ac9c2695d1c9d9c.pid\" a14=\"85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.815:15209456): arch=c000003e syscall=59 success=yes exit=0 a0=c0002cec50 a1=c000198b00 a2=c000199680 a3=0 items=2 ppid=4472 pid=437292 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.680:15209455): proctitle=77676574002D714F002F6465762F6E756C6C00687474703A2F2F3132372E302E302E313A383432382F6865616C7468"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.680:15209455): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6692706 dev=00:49 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.680:15209455): item=0 name=\"/usr/bin/wget\" inode=6690603 dev=00:49 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.680:15209455): cwd=\"/\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.680:15209455): argc=4 a0=\"wget\" a1=\"-qO\" a2=\"/dev/null\" a3=\"http://127.0.0.1:8428/health\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766385.680:15209455): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.680:15209455): arch=c000003e syscall=59 success=yes exit=0 a0=73a671cdc408 a1=73a671cdc3b0 a2=73a671cdc3d8 a3=8 items=2 ppid=437285 pid=437291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.676:15209454): proctitle=2F62696E2F7368002D630077676574202D714F202F6465762F6E756C6C20687474703A2F2F3132372E302E302E313A383432382F6865616C7468207C7C20657869742031"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.676:15209454): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6692706 dev=00:49 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.676:15209454): item=0 name=\"/bin/sh\" inode=6690603 dev=00:49 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.676:15209454): cwd=\"/\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.676:15209454): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D714F202F6465762F6E756C6C20687474703A2F2F3132372E302E302E313A383432382F6865616C7468207C7C20657869742031"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766385.676:15209454): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.676:15209454): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a0f38 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=437272 pid=437285 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.631:15209453): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.631:15209453): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.631:15209453): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.631:15209453): cwd=\"/var/lib/docker/rootfs/overlayfs/ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.631:15209453): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.631:15209453): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=437272 pid=437280 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.617:15209452): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F66663230363237646363316631376231396363653366633164"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.617:15209452): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.617:15209452): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.617:15209452): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.617:15209452): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2333988184\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35/9f0a3ec9fe0cd1a6cf154f93fb8ee028df645d0bb2bca4a00f3a54411b570d6c.pid\" a14=\"ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.617:15209452): arch=c000003e syscall=59 success=yes exit=0 a0=c0001b8360 a1=c0001f7800 a2=c0001f7880 a3=0 items=2 ppid=3201 pid=437272 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.498:15209451): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.498:15209451): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.498:15209451): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.498:15209451): cwd=\"/var/lib/docker/rootfs/overlayfs/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.498:15209451): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.498:15209451): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b810 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=437250 pid=437259 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.483:15209450): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62353339633364623934343237646233386532663230356531"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.483:15209450): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.483:15209450): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.483:15209450): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.483:15209450): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2466766160\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/e804bf1940481d6e3d59653b672e10939767e5477f24ebba849ea26c915410a3.pid\" a14=\"b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.483:15209450): arch=c000003e syscall=59 success=yes exit=0 a0=c00022b900 a1=c0000e8180 a2=c0000e8200 a3=0 items=2 ppid=3764 pid=437250 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.125:15209449): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.125:15209449): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.125:15209449): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.125:15209449): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.125:15209449): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766385.125:15209449): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.125:15209449): arch=c000003e syscall=59 success=yes exit=0 a0=7312535fd408 a1=7312535fd3b0 a2=7312535fd3d8 a3=8080808080808080 items=2 ppid=437242 pid=437248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.121:15209448): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.121:15209448): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.121:15209448): item=0 name=\"/bin/sh\" inode=3454556 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.121:15209448): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.121:15209448): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766385.121:15209448): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.121:15209448): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af28 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=437230 pid=437242 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.065:15209447): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.065:15209447): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.065:15209447): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.065:15209447): cwd=\"/var/lib/docker/rootfs/overlayfs/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.065:15209447): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.065:15209447): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=437230 pid=437240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766385.050:15209446): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64633538346163663333396230646430326131353439386234"}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.050:15209446): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766385.050:15209446): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766385.050:15209446): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766385.050:15209446): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1815182569\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/2175ac4edfacf703b9b83747ddf19a0f9eda5ea40f1c557bbe1a9977b2b5e74d.pid\" a14=\"dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-05-02T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766385.050:15209446): arch=c000003e syscall=59 success=yes exit=0 a0=c000011260 a1=c000233c00 a2=c000233c80 a3=0 items=2 ppid=2257 pid=437230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.811:15209445): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.811:15209445): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.811:15209445): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.811:15209445): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.811:15209445): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766384.811:15209445): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.811:15209445): arch=c000003e syscall=59 success=yes exit=0 a0=5a726dd5fc68 a1=5a726dd5f8f8 a2=5a726dd5fba8 a3=8 items=2 ppid=437212 pid=437218 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.807:15209444): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.807:15209444): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.807:15209444): item=0 name=\"/bin/sh\" inode=6832457 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.807:15209444): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.807:15209444): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766384.807:15209444): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.807:15209444): arch=c000003e syscall=59 success=yes exit=0 a0=c000190ed8 a1=c000022ac0 a2=c000120240 a3=0 items=2 ppid=437198 pid=437212 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.761:15209443): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.761:15209443): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.761:15209443): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.761:15209443): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.761:15209443): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.761:15209443): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=437198 pid=437208 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.745:15209442): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.745:15209442): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.745:15209442): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.745:15209442): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.745:15209442): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1085760879\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/3a2947bba79b86651803e5a8850e54cbd8c9c866ceef46aaf3704250a292c69d.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.745:15209442): arch=c000003e syscall=59 success=yes exit=0 a0=c0000b5e60 a1=c00017f480 a2=c00017f900 a3=0 items=2 ppid=4094 pid=437198 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.454:15209441): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.454:15209441): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.454:15209441): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.454:15209441): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.454:15209441): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766384.454:15209441): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.454:15209441): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000119350 a2=c0000df1c0 a3=0 items=2 ppid=2767 pid=437192 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.412:15209440): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.412:15209440): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.412:15209440): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.412:15209440): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.412:15209440): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.412:15209440): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=437180 pid=437190 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.397:15209439): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.397:15209439): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.397:15209439): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.397:15209439): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.397:15209439): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3578402742\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/d6f6f67ef1c38a6b1383557ef85a7d7dc14062be28650b29202939c56ae03705.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.397:15209439): arch=c000003e syscall=59 success=yes exit=0 a0=c000404460 a1=c00017e780 a2=c00017e800 a3=0 items=2 ppid=2767 pid=437180 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.373:15209438): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.373:15209438): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.373:15209438): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.373:15209438): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.373:15209438): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766384.373:15209438): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.373:15209438): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660c022dd40 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=437179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.373:15209437): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.373:15209437): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.373:15209437): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.373:15209437): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dd40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.373:15209436): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.373:15209436): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.373:15209436): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.373:15209436): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dd40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.372:15209435): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.372:15209435): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.372:15209435): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.372:15209435): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dd40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.372:15209434): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.372:15209434): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.372:15209434): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.372:15209434): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dd40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.372:15209433): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.372:15209433): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.372:15209433): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.372:15209433): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dd40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.372:15209432): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.372:15209432): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.372:15209432): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.372:15209432): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022dd40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.370:15209431): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.370:15209431): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.370:15209431): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.370:15209431): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.370:15209431): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766384.370:15209431): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.370:15209431): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=437178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.370:15209430): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.370:15209430): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.370:15209430): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.370:15209430): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.370:15209429): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.370:15209429): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.370:15209429): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.370:15209429): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.370:15209428): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.370:15209428): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.370:15209428): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.370:15209428): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.370:15209427): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.370:15209427): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.370:15209427): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.370:15209427): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.370:15209426): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.370:15209426): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.370:15209426): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.370:15209426): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.370:15209425): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.370:15209425): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.370:15209425): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.370:15209425): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.367:15209424): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.367:15209424): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.367:15209424): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.367:15209424): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.367:15209424): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766384.367:15209424): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.367:15209424): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b73114e0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=437177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.367:15209423): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.367:15209423): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.367:15209423): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.367:15209423): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.367:15209422): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.367:15209422): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.367:15209422): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.367:15209422): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.367:15209421): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.367:15209421): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.367:15209421): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.367:15209421): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.366:15209420): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.366:15209420): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.366:15209420): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.366:15209420): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.366:15209419): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.366:15209419): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.366:15209419): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.366:15209419): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.366:15209418): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.366:15209418): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.366:15209418): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.366:15209418): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=437177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.107:15209417): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.107:15209417): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.107:15209417): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.107:15209417): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.107:15209417): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766384.107:15209417): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.107:15209417): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=437176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.107:15209416): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.107:15209416): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.107:15209416): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.107:15209416): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.107:15209415): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.107:15209415): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.107:15209415): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.107:15209415): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.107:15209414): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.107:15209414): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.107:15209414): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.107:15209414): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.107:15209413): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.107:15209413): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.107:15209413): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.107:15209413): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.107:15209412): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.107:15209412): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.107:15209412): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.107:15209412): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.107:15209411): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.107:15209411): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.107:15209411): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.107:15209411): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.104:15209410): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.104:15209410): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.104:15209410): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.104:15209410): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.104:15209410): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766384.104:15209410): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.104:15209410): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e360 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=437175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.104:15209409): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.104:15209409): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.104:15209409): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.104:15209409): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e360 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.104:15209408): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.104:15209408): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.104:15209408): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.104:15209408): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e360 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.104:15209407): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.104:15209407): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.104:15209407): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.104:15209407): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e360 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.104:15209406): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.104:15209406): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.104:15209406): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.104:15209406): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e360 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.104:15209405): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.104:15209405): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.104:15209405): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.104:15209405): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e360 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.104:15209404): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.104:15209404): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.104:15209404): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.104:15209404): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e360 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.101:15209403): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.101:15209403): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.101:15209403): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.101:15209403): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766384.101:15209403): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766384.101:15209403): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.101:15209403): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=437174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.101:15209402): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.101:15209402): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.101:15209402): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.101:15209402): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.101:15209401): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.101:15209401): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.101:15209401): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.101:15209401): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.101:15209400): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.101:15209400): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.101:15209400): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.101:15209400): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.101:15209399): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.101:15209399): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.101:15209399): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.101:15209399): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.100:15209398): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.100:15209398): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.100:15209398): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.100:15209398): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766384.100:15209397): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766384.100:15209397): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766384.100:15209397): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766384.100:15209397): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=437174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.358:15209396): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.358:15209396): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.358:15209396): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.358:15209396): cwd=\"/\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.358:15209396): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766383.358:15209396): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.358:15209396): arch=c000003e syscall=59 success=yes exit=0 a0=5b3caac37b20 a1=5b3caac76100 a2=5b3caa8d8970 a3=7208d1ab0e70 items=2 ppid=437166 pid=437172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.321:15209395): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.321:15209395): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.321:15209395): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.321:15209395): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.321:15209395): cwd=\"/\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.321:15209395): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766383.321:15209395): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.321:15209395): arch=c000003e syscall=59 success=yes exit=0 a0=563665548678 a1=5636655485e0 a2=563665548610 a3=8 items=3 ppid=437166 pid=437172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.316:15209394): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.316:15209394): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.316:15209394): item=0 name=\"/bin/sh\" inode=5580787 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.316:15209394): cwd=\"/\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.316:15209394): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766383.316:15209394): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.316:15209394): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=437153 pid=437166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.274:15209393): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.274:15209393): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.274:15209393): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.274:15209393): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.274:15209393): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.274:15209393): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=437153 pid=437163 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.260:15209392): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.260:15209392): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.260:15209392): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.260:15209392): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.260:15209392): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1407639735\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/b7115ec01dfe78aa7377b86037c5ae2c11e7ae837f2a65f68719a6b14fcf58f2.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.260:15209392): arch=c000003e syscall=59 success=yes exit=0 a0=c00042c6e0 a1=c0001c7e00 a2=c0001c7e80 a3=0 items=2 ppid=4402 pid=437153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.116:15209391): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.116:15209391): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.116:15209391): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.116:15209391): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.116:15209391): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766383.116:15209391): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.116:15209391): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d1350 a2=c0000d91c0 a3=0 items=2 ppid=437092 pid=437138 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.112:15209390): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.112:15209390): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.112:15209390): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.112:15209390): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.112:15209390): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766383.112:15209390): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.112:15209390): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000119350 a2=c0000db1c0 a3=0 items=2 ppid=437098 pid=437136 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.107:15209389): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.107:15209389): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.107:15209389): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.107:15209389): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.107:15209389): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766383.107:15209389): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.107:15209389): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=437151 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.107:15209388): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.107:15209388): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.107:15209388): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.107:15209388): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437151 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.107:15209387): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.107:15209387): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.107:15209387): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.107:15209387): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437151 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.107:15209386): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.107:15209386): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.107:15209386): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.107:15209386): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437151 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.106:15209385): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.106:15209385): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.106:15209385): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.106:15209385): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437151 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.106:15209384): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.106:15209384): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.106:15209384): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.106:15209384): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437151 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.105:15209383): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.105:15209383): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.105:15209383): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.105:15209383): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437151 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.102:15209382): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.102:15209382): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.102:15209382): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.102:15209382): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.102:15209382): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766383.102:15209382): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.102:15209382): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=437150 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.102:15209381): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.102:15209381): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.102:15209381): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.102:15209381): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437150 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.102:15209380): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.102:15209380): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.102:15209380): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.102:15209380): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437150 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.102:15209379): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.102:15209379): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.102:15209379): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.102:15209379): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437150 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.102:15209378): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.102:15209378): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.102:15209378): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.102:15209378): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437150 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.102:15209377): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.102:15209377): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.102:15209377): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.102:15209377): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437150 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.102:15209376): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.102:15209376): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.102:15209376): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.102:15209376): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437150 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.099:15209375): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.099:15209375): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.099:15209375): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.099:15209375): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.099:15209375): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766383.099:15209375): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.099:15209375): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800c80 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=437149 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.099:15209374): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.099:15209374): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.099:15209374): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.099:15209374): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c80 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437149 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.099:15209373): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.099:15209373): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.099:15209373): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.099:15209373): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c80 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437149 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.099:15209372): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.099:15209372): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.099:15209372): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.099:15209372): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c80 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437149 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.099:15209371): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.099:15209371): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.099:15209371): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.099:15209371): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c80 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437149 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.098:15209370): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.098:15209370): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.098:15209370): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.098:15209370): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c80 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437149 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.098:15209369): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.098:15209369): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.098:15209369): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.098:15209369): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800c80 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=437149 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.063:15209368): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.063:15209368): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.063:15209368): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:1a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.063:15209368): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.063:15209368): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.063:15209368): arch=c000003e syscall=59 success=yes exit=0 a0=c000290010 a1=c000296000 a2=c000298000 a3=0 items=2 ppid=437098 pid=437134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.062:15209367): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.062:15209367): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.062:15209367): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:1a1 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.062:15209367): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.062:15209367): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.062:15209367): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c00 a3=0 items=2 ppid=437092 pid=437128 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.052:15209366): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.052:15209366): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.052:15209366): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.052:15209366): cwd=\"/var/lib/docker/rootfs/overlayfs/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.052:15209366): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.052:15209366): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=437091 pid=437112 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.045:15209365): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.045:15209365): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.045:15209365): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.045:15209365): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.045:15209365): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2287686335\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/4034d23072b1aee7941fe0cb71cc683527e9a642fb7f045b59eb6bd4edc84f1a.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.045:15209365): arch=c000003e syscall=59 success=yes exit=0 a0=c0004644f0 a1=c00036a480 a2=c00036a500 a3=0 items=2 ppid=2638 pid=437098 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.043:15209364): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.043:15209364): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.043:15209364): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.043:15209364): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.043:15209364): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process586393353\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/91cd5c4ad6ca3ce2c0761bab6736c83f46494be853cc4d343a90b5a1f5a8632f.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.043:15209364): arch=c000003e syscall=59 success=yes exit=0 a0=c0004070d0 a1=c0003e0780 a2=c0003e0800 a3=0 items=2 ppid=3759 pid=437092 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766383.037:15209363): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30353661303963323064636566306665363261613862353338"}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.037:15209363): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766383.037:15209363): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766383.037:15209363): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766383.037:15209363): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3753922625\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5/7a182c053f36ba801a98f3190f6ce628cd50a5f299461ef3c1a6b46a9913a4c7.pid\" a14=\"056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-05-02T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766383.037:15209363): arch=c000003e syscall=59 success=yes exit=0 a0=c0002076c0 a1=c000176180 a2=c000176200 a3=0 items=2 ppid=2819 pid=437091 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.945:15209362): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.945:15209362): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.945:15209362): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.945:15209362): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.945:15209362): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766382.945:15209362): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.945:15209362): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=3571 pid=437084 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.905:15209361): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.905:15209361): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.905:15209361): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.905:15209361): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.905:15209361): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.905:15209361): arch=c000003e syscall=59 success=yes exit=0 a0=c000245880 a1=c000249350 a2=c00024bc40 a3=0 items=2 ppid=437071 pid=437081 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.891:15209360): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.891:15209360): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.891:15209360): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.891:15209360): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.891:15209360): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1322538298\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/e8423fe4e1c22512d70bef8253affbaa181a0c15dc3633e760ed1965dde0ee0c.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.891:15209360): arch=c000003e syscall=59 success=yes exit=0 a0=c00024e7f0 a1=c000394100 a2=c000394180 a3=0 items=2 ppid=3571 pid=437071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.682:15209359): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.682:15209359): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.682:15209359): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.682:15209359): cwd=\"/\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.682:15209359): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766382.682:15209359): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.682:15209359): arch=c000003e syscall=59 success=yes exit=0 a0=7dd7b4dbe278 a1=7dd7b4dbe1d8 a2=7dd7b4dbe1f8 a3=8080808080808080 items=2 ppid=3558 pid=437056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.678:15209358): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.678:15209358): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.678:15209358): item=0 name=\"/bin/sh\" inode=8589166 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.678:15209358): cwd=\"/\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.678:15209358): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766382.678:15209358): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.678:15209358): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ef68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=3558 pid=437056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.678:15209357): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.678:15209357): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.678:15209357): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.678:15209357): cwd=\"/\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.678:15209357): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766382.678:15209357): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.678:15209357): arch=c000003e syscall=59 success=yes exit=0 a0=7636ad41f3f8 a1=7636ad41f290 a2=7636ad41f378 a3=0 items=2 ppid=3688 pid=437057 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.675:15209356): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.675:15209356): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.675:15209356): item=0 name=\"/bin/sh\" inode=8589166 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.675:15209356): cwd=\"/\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.675:15209356): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766382.675:15209356): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.675:15209356): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fef38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=437031 pid=437057 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.636:15209355): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.636:15209355): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.636:15209355): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.636:15209355): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.636:15209355): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.636:15209355): arch=c000003e syscall=59 success=yes exit=0 a0=c0001fb840 a1=c0001ff338 a2=c000201c40 a3=0 items=2 ppid=437032 pid=437052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.634:15209354): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.634:15209354): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.634:15209354): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:c8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.634:15209354): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.634:15209354): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.634:15209354): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=437031 pid=437047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.621:15209353): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.621:15209353): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.621:15209353): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.621:15209353): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.621:15209353): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process22018383\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/1f2bbb3b552e3c579996163165d631023841bfcfecb73afb3c84edd41341f5e2.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.621:15209353): arch=c000003e syscall=59 success=yes exit=0 a0=c000429040 a1=c00035ce80 a2=c00035cf00 a3=0 items=2 ppid=3558 pid=437032 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766382.619:15209352): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.619:15209352): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766382.619:15209352): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766382.619:15209352): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766382.619:15209352): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1661688630\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/1a93b3bd3c8990dadc943cc2065d3ede872c729f6592116daf73cde277aa596c.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766382.619:15209352): arch=c000003e syscall=59 success=yes exit=0 a0=c00042ab50 a1=c0002a5a80 a2=c0002a5b00 a3=0 items=2 ppid=3688 pid=437031 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766381.659:15209351): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.659:15209351): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.659:15209351): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766381.659:15209351): cwd=\"/var/lib/docker/rootfs/overlayfs/3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766381.659:15209351): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766381.659:15209351): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=437011 pid=437020 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766381.645:15209350): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33653066323432613631643665386239353662656262656466"}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.645:15209350): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.645:15209350): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766381.645:15209350): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766381.645:15209350): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process740462745\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e/2d75a1cdf9bb9d43c872ec5e3e655ffd11f2ee2a626b78b042420dd2c102519c.pid\" a14=\"3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766381.645:15209350): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cfb50 a1=c0000e7b00 a2=c0000e7b80 a3=0 items=2 ppid=4055 pid=437011 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766381.515:15209349): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6170692F76312F686561727462656174"}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.515:15209349): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6817536 dev=00:8e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.515:15209349): item=0 name=\"/usr/bin/curl\" inode=6830784 dev=00:8e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766381.515:15209349): cwd=\"/chroma\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766381.515:15209349): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/api/v1/heartbeat\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766381.515:15209349): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766381.515:15209349): arch=c000003e syscall=59 success=yes exit=0 a0=c000198ee0 a1=c000022680 a2=c0000d8930 a3=0 items=2 ppid=436993 pid=437005 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766381.466:15209348): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.466:15209348): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.466:15209348): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766381.466:15209348): cwd=\"/var/lib/docker/rootfs/overlayfs/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766381.466:15209348): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766381.466:15209348): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=436993 pid=437002 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766381.452:15209347): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31356437633031656162373530646435643136393766383835"}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.452:15209347): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766381.452:15209347): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766381.452:15209347): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766381.452:15209347): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process869000882\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268/23a1f3aabaf7eeca9e055b8c0cc9fff64f6c07e7ca8720c15c7394994f9b6529.pid\" a14=\"15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-05-02T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766381.452:15209347): arch=c000003e syscall=59 success=yes exit=0 a0=c0002404c0 a1=c000410000 a2=c000410080 a3=0 items=2 ppid=4484 pid=436993 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.527:15209346): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.527:15209346): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.527:15209346): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.527:15209346): cwd=\"/var/lib/docker/rootfs/overlayfs/24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.527:15209346): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.527:15209346): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b8b0 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436970 pid=436979 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.513:15209345): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32343431306137346363663039353465613337316565653961"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.513:15209345): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.513:15209345): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.513:15209345): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.513:15209345): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4043012540\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b/434cb4172117a235b5c05a730b1e7a555c9535e739aabdfcccf1dc568de92cd4.pid\" a14=\"24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.513:15209345): arch=c000003e syscall=59 success=yes exit=0 a0=c0001ff4c0 a1=c000351880 a2=c000351900 a3=0 items=2 ppid=3461 pid=436970 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.444:15209344): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.444:15209344): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.444:15209344): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.444:15209344): cwd=\"/\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.444:15209344): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766380.444:15209344): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.444:15209344): arch=c000003e syscall=59 success=yes exit=0 a0=718f234c8278 a1=718f234c81d8 a2=718f234c81f8 a3=8080808080808080 items=2 ppid=3626 pid=436962 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.441:15209343): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.441:15209343): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.441:15209343): item=0 name=\"/bin/sh\" inode=8589166 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.441:15209343): cwd=\"/\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.441:15209343): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766380.441:15209343): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.441:15209343): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ef68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=3626 pid=436962 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.423:15209342): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.423:15209342): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.423:15209342): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.423:15209342): cwd=\"/\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.423:15209342): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766380.423:15209342): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.423:15209342): arch=c000003e syscall=59 success=yes exit=0 a0=7f465a1dc3f8 a1=7f465a1dc278 a2=7f465a1dc378 a3=0 items=2 ppid=3652 pid=436943 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.420:15209341): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.420:15209341): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.420:15209341): item=0 name=\"/bin/sh\" inode=3454556 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.420:15209341): cwd=\"/\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.420:15209341): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766380.420:15209341): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.420:15209341): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=436930 pid=436943 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.389:15209340): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.389:15209340): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.389:15209340): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.389:15209340): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.389:15209340): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.389:15209340): arch=c000003e syscall=59 success=yes exit=0 a0=c000245890 a1=c000249350 a2=c00024bc80 a3=0 items=2 ppid=436944 pid=436959 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.374:15209339): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.374:15209339): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.374:15209339): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.374:15209339): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.374:15209339): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2773063154\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/de6f6ef4a66e48b0329330f7c256704cd58cbe49ce0623ae1842fb930ae53195.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.374:15209339): arch=c000003e syscall=59 success=yes exit=0 a0=c000176470 a1=c00014c000 a2=c00014c080 a3=0 items=2 ppid=3626 pid=436944 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.366:15209338): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.366:15209338): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.366:15209338): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.366:15209338): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.366:15209338): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.366:15209338): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=436930 pid=436939 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.342:15209337): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.342:15209337): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.342:15209337): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.342:15209337): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.342:15209337): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3225758260\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/448ca2d120f590aeba9e8615242e5c3dab4ea25d988248b5588ead4fecfb51b8.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.342:15209337): arch=c000003e syscall=59 success=yes exit=0 a0=c00042eaa0 a1=c000208b00 a2=c000208b80 a3=0 items=2 ppid=3652 pid=436930 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.296:15209336): proctitle=62617368002D63006563686F203E202F6465762F7463702F3132372E302E302E312F3132333435"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.296:15209336): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6953729 dev=00:57 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.296:15209336): item=0 name=\"/usr/bin/bash\" inode=6837495 dev=00:57 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.296:15209336): cwd=\"/\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.296:15209336): argc=3 a0=\"bash\" a1=\"-c\" a2=6563686F203E202F6465762F7463702F3132372E302E302E312F3132333435"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.296:15209336): arch=c000003e syscall=59 success=yes exit=0 a0=5fe8514dd610 a1=5fe8514dd5c0 a2=5fe8514dd5e0 a3=8 items=2 ppid=436923 pid=436929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"bash\" exe=\"/usr/bin/bash\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.292:15209335): proctitle=2F62696E2F7368002D630062617368202D6320276563686F203E202F6465762F7463702F3132372E302E302E312F313233343527"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.292:15209335): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6953729 dev=00:57 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.292:15209335): item=0 name=\"/bin/sh\" inode=6838254 dev=00:57 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.292:15209335): cwd=\"/\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.292:15209335): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=62617368202D6320276563686F203E202F6465762F7463702F3132372E302E302E312F313233343527"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.292:15209335): arch=c000003e syscall=59 success=yes exit=0 a0=c0000dde38 a1=c000022900 a2=c0000d7500 a3=0 items=2 ppid=3881 pid=436923 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.264:15209334): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.264:15209334): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.264:15209334): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.264:15209334): cwd=\"/var/lib/docker/rootfs/overlayfs/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.264:15209334): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.264:15209334): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cdc00 a1=c000011050 a2=c00007bc40 a3=0 items=2 ppid=436897 pid=436919 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.250:15209333): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.250:15209333): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.250:15209333): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.250:15209333): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.250:15209333): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.250:15209333): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=436891 pid=436902 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.249:15209332): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37303466343764623733343066626632303265353263303961"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.249:15209332): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.249:15209332): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.249:15209332): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.249:15209332): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3287909125\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc/c6760f7315b4dbb734dbb774015c89cd2ce3eb2b8e5b3b2d327e36246f31f585.pid\" a14=\"704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.249:15209332): arch=c000003e syscall=59 success=yes exit=0 a0=c0002287f0 a1=c0002df580 a2=c000113700 a3=0 items=2 ppid=3881 pid=436897 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766380.234:15209331): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.234:15209331): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766380.234:15209331): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766380.234:15209331): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766380.234:15209331): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4168447101\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/5b60d9e124571f2938001f37df756208eda17f27690b223353b7015d12839b5f.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-05-02T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766380.234:15209331): arch=c000003e syscall=59 success=yes exit=0 a0=c000011120 a1=c0003ae080 a2=c0003ae100 a3=0 items=2 ppid=4374 pid=436891 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.642:15209330): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.642:15209330): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.642:15209330): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.642:15209330): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.642:15209330): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://localhost:9091/api/health\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766379.642:15209330): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.642:15209330): arch=c000003e syscall=59 success=yes exit=0 a0=6154ca0165c0 a1=6154ca016540 a2=6154ca016570 a3=7ee328ca4b38 items=2 ppid=436882 pid=436889 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.636:15209329): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.636:15209329): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.636:15209329): item=0 name=\"/bin/sh\" inode=3675124 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.636:15209329): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.636:15209329): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766379.636:15209329): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.636:15209329): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ce78 a1=c000022aa0 a2=c0000dd200 a3=0 items=2 ppid=2481 pid=436882 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.624:15209328): proctitle=77676574002D2D7175696574002D2D6E6F2D636865636B2D6365727469666963617465002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.624:15209328): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.624:15209328): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.624:15209328): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.624:15209328): argc=6 a0=\"wget\" a1=\"--quiet\" a2=\"--no-check-certificate\" a3=\"--tries=1\" a4=\"--spider\" a5=\"http://localhost:9091/api/health\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766379.624:15209328): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.624:15209328): arch=c000003e syscall=59 success=yes exit=0 a0=62a384a6ecb0 a1=62a384a6ec28 a2=62a384a6ec60 a3=7635f0ae7b38 items=2 ppid=436865 pid=436888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.619:15209327): proctitle=2F62696E2F7368002F6170702F6865616C7468636865636B2E7368"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.619:15209327): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.619:15209327): item=1 name=\"/bin/sh\" inode=3675124 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.619:15209327): item=0 name=\"/app/healthcheck.sh\" inode=3682079 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.619:15209327): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.619:15209327): argc=2 a0=\"/bin/sh\" a1=\"/app/healthcheck.sh\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766379.619:15209327): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.619:15209327): arch=c000003e syscall=59 success=yes exit=0 a0=c0000272f0 a1=c00002a800 a2=c0000db1c0 a3=0 items=3 ppid=436849 pid=436865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.586:15209326): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.586:15209326): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.586:15209326): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.586:15209326): cwd=\"/var/lib/docker/rootfs/overlayfs/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.586:15209326): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.586:15209326): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436855 pid=436878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.571:15209325): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.571:15209325): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.571:15209325): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.571:15209325): cwd=\"/var/lib/docker/rootfs/overlayfs/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.571:15209325): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.571:15209325): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=436849 pid=436859 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.567:15209324): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64646564366234393238376366666237656239643365306538"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.567:15209324): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.567:15209324): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.567:15209324): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.567:15209324): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1075157914\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/9068c90f0a28bf08ce7b182daaffa163260da6da04ba42881dfe53ff9ec1fb63.pid\" a14=\"dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.567:15209324): arch=c000003e syscall=59 success=yes exit=0 a0=c000010e30 a1=c0002e0c80 a2=c0002e0e80 a3=0 items=2 ppid=2481 pid=436855 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.556:15209323): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623636656134666131303164663564616134646232396131"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.556:15209323): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.556:15209323): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.556:15209323): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.556:15209323): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2115281124\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/079f74f53f57f45ccf5d7d50d9f2ba69d68369502aa53955c302049520865752.pid\" a14=\"ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.556:15209323): arch=c000003e syscall=59 success=yes exit=0 a0=c000010ee0 a1=c000408780 a2=c000408800 a3=0 items=2 ppid=9325 pid=436849 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.498:15209322): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.498:15209322): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.498:15209322): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.498:15209322): cwd=\"/\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.498:15209322): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766379.498:15209322): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.498:15209322): arch=c000003e syscall=59 success=yes exit=0 a0=7f0ca35f4288 a1=7f0ca35f41e8 a2=7f0ca35f4208 a3=0 items=2 ppid=3630 pid=436815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.498:15209321): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.498:15209321): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.498:15209321): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.498:15209321): cwd=\"/\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.498:15209321): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766379.498:15209321): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.498:15209321): arch=c000003e syscall=59 success=yes exit=0 a0=78bdeea42288 a1=78bdeea421e8 a2=78bdeea42208 a3=0 items=2 ppid=3223 pid=436817 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.495:15209320): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.495:15209320): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.495:15209320): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.495:15209320): cwd=\"/\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.495:15209320): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766379.495:15209320): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.495:15209320): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf78 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=3630 pid=436815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.495:15209319): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.495:15209319): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.495:15209319): item=0 name=\"/bin/sh\" inode=8589166 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.495:15209319): cwd=\"/\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.495:15209319): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766379.495:15209319): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.495:15209319): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=436790 pid=436817 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.482:15209318): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.482:15209318): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.482:15209318): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:1a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.482:15209318): cwd=\"/var/lib/docker/rootfs/overlayfs/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.482:15209318): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.482:15209318): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=436828 pid=436838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.468:15209317): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653936633066363732333364313066633037323866393232"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.468:15209317): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.468:15209317): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.468:15209317): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.468:15209317): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3715059439\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/1cb730e7526ca47cd7cefa409e93f645b9ecc4319dc2b69ab6eaeb9b6c8a557b.pid\" a14=\"7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.468:15209317): arch=c000003e syscall=59 success=yes exit=0 a0=c00026ada0 a1=c0002b1c00 a2=c0002b1c80 a3=0 items=2 ppid=3913 pid=436828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.434:15209316): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.434:15209316): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.434:15209316): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.434:15209316): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.434:15209316): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.434:15209316): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=436790 pid=436807 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.433:15209315): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.433:15209315): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.433:15209315): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:c8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.433:15209315): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.433:15209315): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.433:15209315): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=436791 pid=436805 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.419:15209314): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.419:15209314): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.419:15209314): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.419:15209314): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.419:15209314): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1365099995\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/ede88af30f6d2133b6000adbbe380ff2f0de3a4b84963518a00bce273e62726f.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.419:15209314): arch=c000003e syscall=59 success=yes exit=0 a0=c000389db0 a1=c000358200 a2=c000358300 a3=0 items=2 ppid=3630 pid=436791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766379.418:15209313): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.418:15209313): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766379.418:15209313): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766379.418:15209313): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766379.418:15209313): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2094586393\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/983bd89476077561910692c54696723397e66faa0f70d686a3f5c06bf6dd6fbb.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766379.418:15209313): arch=c000003e syscall=59 success=yes exit=0 a0=c0001dd030 a1=c00036b500 a2=c00036b580 a3=0 items=2 ppid=3223 pid=436790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.933:15209312): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.933:15209312): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.933:15209312): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.933:15209312): cwd=\"/\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.933:15209312): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.933:15209312): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.933:15209312): arch=c000003e syscall=59 success=yes exit=0 a0=776d74ffb288 a1=776d74ffb1e8 a2=776d74ffb208 a3=0 items=2 ppid=4000 pid=436782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.930:15209311): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.930:15209311): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.930:15209311): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.930:15209311): cwd=\"/\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.930:15209311): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.930:15209311): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.930:15209311): arch=c000003e syscall=59 success=yes exit=0 a0=c000190f38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=4000 pid=436782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.884:15209310): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.884:15209310): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.884:15209310): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.884:15209310): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.884:15209310): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.884:15209310): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=436769 pid=436780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.869:15209309): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.869:15209309): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.869:15209309): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.869:15209309): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.869:15209309): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1716975473\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/39afc54819a88499b066ade59278d092b7f0086e779eaa2b1c7ac06906877fc6.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.869:15209309): arch=c000003e syscall=59 success=yes exit=0 a0=c000335380 a1=c000308e80 a2=c000308f00 a3=0 items=2 ppid=4000 pid=436769 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.390:15209308): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383434332F6865616C74687A"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.390:15209308): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8277530 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.390:15209308): item=0 name=\"/usr/bin/curl\" inode=8272239 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.390:15209308): cwd=\"/\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.390:15209308): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8443/healthz\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.390:15209308): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.390:15209308): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cd80 a1=c000022ac0 a2=c000170ab0 a3=0 items=2 ppid=436746 pid=436759 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.356:15209307): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.356:15209307): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.356:15209307): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.356:15209307): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.356:15209307): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.356:15209307): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.356:15209307): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=436767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.356:15209306): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.356:15209306): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.356:15209306): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.356:15209306): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.356:15209305): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.356:15209305): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.356:15209305): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.356:15209305): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.356:15209304): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.356:15209304): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.356:15209304): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.356:15209304): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.356:15209303): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.356:15209303): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.356:15209303): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.356:15209303): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.356:15209302): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.356:15209302): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.356:15209302): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.356:15209302): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.356:15209301): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.356:15209301): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.356:15209301): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.356:15209301): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.353:15209300): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.353:15209300): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.353:15209300): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.353:15209300): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.353:15209300): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.353:15209300): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.353:15209300): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660e944b000 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=436762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.353:15209299): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.353:15209299): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.353:15209299): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.353:15209299): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b000 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.353:15209298): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.353:15209298): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.353:15209298): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.353:15209298): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b000 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.353:15209297): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.353:15209297): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.353:15209297): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.353:15209297): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b000 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.353:15209296): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.353:15209296): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.353:15209296): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.353:15209296): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b000 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.353:15209295): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.353:15209295): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.353:15209295): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.353:15209295): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b000 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.353:15209294): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.353:15209294): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.353:15209294): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.353:15209294): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b000 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.350:15209293): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.350:15209293): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.350:15209293): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.350:15209293): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.350:15209293): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.350:15209293): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.350:15209293): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b7311740 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=436758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.350:15209292): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.350:15209292): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.350:15209292): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.350:15209292): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311740 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.350:15209291): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.350:15209291): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.350:15209291): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.350:15209291): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311740 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.350:15209290): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.350:15209290): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.350:15209290): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.350:15209290): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311740 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.350:15209289): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.350:15209289): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.350:15209289): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.350:15209289): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311740 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.350:15209288): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.350:15209288): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.350:15209288): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.350:15209288): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311740 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.350:15209287): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.350:15209287): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.350:15209287): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.350:15209287): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311740 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.345:15209286): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.345:15209286): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.345:15209286): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.345:15209286): cwd=\"/var/lib/docker/rootfs/overlayfs/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.345:15209286): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.345:15209286): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd910 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=436746 pid=436755 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.331:15209285): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33393130303138336162633536613139633261653037323036"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.331:15209285): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.331:15209285): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.331:15209285): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.331:15209285): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process812856737\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/28960b336ba0cab7c01fb7fa6d7acc5e26a24ce572a87e60759fc610edfae713.pid\" a14=\"39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.331:15209285): arch=c000003e syscall=59 success=yes exit=0 a0=c0002a6ec0 a1=c00026a580 a2=c00026a600 a3=0 items=2 ppid=3416 pid=436746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.092:15209284): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.092:15209284): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.092:15209284): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.092:15209284): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.092:15209284): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.092:15209284): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.092:15209284): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=436745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.092:15209283): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.092:15209283): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.092:15209283): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.092:15209283): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.092:15209282): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.092:15209282): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.092:15209282): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.092:15209282): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.092:15209281): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.092:15209281): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.092:15209281): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.092:15209281): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.092:15209280): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.092:15209280): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.092:15209280): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.092:15209280): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.092:15209279): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.092:15209279): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.092:15209279): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.092:15209279): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.092:15209278): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.092:15209278): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.092:15209278): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.092:15209278): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e3a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.089:15209277): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.089:15209277): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.089:15209277): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.089:15209277): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.089:15209277): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.089:15209277): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.089:15209277): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e380 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=436744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.089:15209276): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.089:15209276): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.089:15209276): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.089:15209276): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e380 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.089:15209275): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.089:15209275): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.089:15209275): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.089:15209275): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e380 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.089:15209274): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.089:15209274): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.089:15209274): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.089:15209274): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e380 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.089:15209273): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.089:15209273): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.089:15209273): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.089:15209273): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e380 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.089:15209272): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.089:15209272): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.089:15209272): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.089:15209272): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e380 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.089:15209271): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.089:15209271): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.089:15209271): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.089:15209271): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e380 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.086:15209270): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.086:15209270): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.086:15209270): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.086:15209270): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.086:15209270): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.086:15209270): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.086:15209270): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=436743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.086:15209269): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.086:15209269): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.086:15209269): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.086:15209269): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.086:15209268): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.086:15209268): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.086:15209268): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.086:15209268): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.086:15209267): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.086:15209267): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.086:15209267): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.086:15209267): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.086:15209266): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.086:15209266): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.086:15209266): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.086:15209266): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.086:15209265): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.086:15209265): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.086:15209265): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.086:15209265): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.086:15209264): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.086:15209264): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.086:15209264): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.086:15209264): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee302e340 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.050:15209263): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.050:15209263): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.050:15209263): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.050:15209263): cwd=\"/\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.050:15209263): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.050:15209263): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.050:15209263): arch=c000003e syscall=59 success=yes exit=0 a0=55a2a5233990 a1=55a2a52559c0 a2=55a2a5234860 a3=8 items=2 ppid=436734 pid=436742 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.035:15209262): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.035:15209262): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.035:15209262): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.035:15209262): cwd=\"/\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.035:15209262): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.035:15209262): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.035:15209262): arch=c000003e syscall=59 success=yes exit=0 a0=55a2a5233fe0 a1=55a2a5255810 a2=55a2a52344a0 a3=8 items=2 ppid=436734 pid=436741 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.026:15209261): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.026:15209261): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.026:15209261): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.026:15209261): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.026:15209261): cwd=\"/\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.026:15209261): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.026:15209261): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.026:15209261): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c0000de320 a3=0 items=3 ppid=436710 pid=436734 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.021:15209260): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A38383838"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.021:15209260): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.021:15209260): item=0 name=\"/usr/bin/wget\" inode=8589166 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.021:15209260): cwd=\"/\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.021:15209260): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8888\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.021:15209260): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.021:15209260): arch=c000003e syscall=59 success=yes exit=0 a0=756b7ee42430 a1=756b7ee423a8 a2=756b7ee423d0 a3=0 items=2 ppid=436722 pid=436740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766378.018:15209259): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.018:15209259): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766378.018:15209259): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766378.018:15209259): cwd=\"/\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766378.018:15209259): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766378.018:15209259): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766378.018:15209259): arch=c000003e syscall=59 success=yes exit=0 a0=c00017af68 a1=c000022aa0 a2=c0000ba320 a3=0 items=2 ppid=436704 pid=436722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.985:15209258): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.985:15209258): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.985:15209258): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.985:15209258): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.985:15209258): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.985:15209258): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436710 pid=436730 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.972:15209257): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.972:15209257): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.972:15209257): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.972:15209257): cwd=\"/var/lib/docker/rootfs/overlayfs/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.972:15209257): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.972:15209257): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436704 pid=436714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.967:15209256): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.967:15209256): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.967:15209256): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.967:15209256): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.967:15209256): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process672598519\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/abd2ee7d3175bff974e952c0485b6e1e313bf013582e778e24b7ff19d2fb030c.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.967:15209256): arch=c000003e syscall=59 success=yes exit=0 a0=c00041edc0 a1=c000470e00 a2=c000470e80 a3=0 items=2 ppid=4475 pid=436710 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.956:15209255): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623265333734333432316566333831336335656365616131"}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.956:15209255): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.956:15209255): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.956:15209255): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.956:15209255): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1274312\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/9cc94cd49f1c1de96508fc1014b3fec9f4b0476430184ecc6a006831ee6bc4c2.pid\" a14=\"ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-05-02T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.956:15209255): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b4c70 a1=c000174200 a2=c000174280 a3=0 items=2 ppid=2932 pid=436704 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.720:15209254): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F3132372E302E302E313A383132332F70696E67"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.720:15209254): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:8d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.720:15209254): item=0 name=\"/usr/bin/wget\" inode=6699356 dev=00:8d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.720:15209254): cwd=\"/\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.720:15209254): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://127.0.0.1:8123/ping\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.720:15209254): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.720:15209254): arch=c000003e syscall=59 success=yes exit=0 a0=7d1c3e8fb4c0 a1=7d1c3e8fb420 a2=7d1c3e8fb450 a3=8 items=2 ppid=436696 pid=436703 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.712:15209253): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.712:15209253): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:8d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.712:15209253): item=0 name=\"/bin/sh\" inode=6699356 dev=00:8d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.712:15209253): cwd=\"/\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.712:15209253): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.712:15209253): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.712:15209253): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af48 a1=c000022ac0 a2=c000090060 a3=0 items=2 ppid=436684 pid=436696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.668:15209252): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.668:15209252): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.668:15209252): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.668:15209252): cwd=\"/var/lib/docker/rootfs/overlayfs/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.668:15209252): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.668:15209252): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b860 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436684 pid=436693 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.652:15209251): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30626366346231376338356465646162373838653863396539"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.652:15209251): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.652:15209251): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.652:15209251): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.652:15209251): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3576459248\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad/40112a59e5676b86ebef5643e09967eee5dd19302e13461d52893d2ecc239913.pid\" a14=\"0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.652:15209251): arch=c000003e syscall=59 success=yes exit=0 a0=c00033ad70 a1=c000336b00 a2=c000336b80 a3=0 items=2 ppid=2498510 pid=436684 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.519:15209250): proctitle=636C616D647363616E002D2D76657273696F6E"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.519:15209250): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6689254 dev=00:30 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.519:15209250): item=0 name=\"/usr/bin/clamdscan\" inode=6714733 dev=00:30 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.519:15209250): cwd=\"/\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.519:15209250): argc=2 a0=\"clamdscan\" a1=\"--version\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.519:15209250): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.519:15209250): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271b8 a1=c000119350 a2=c0000cb950 a3=0 items=2 ppid=3012723 pid=436676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"clamdscan\" exe=\"/usr/bin/clamdscan\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.491:15209249): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383838382F"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.491:15209249): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:35 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.491:15209249): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:35 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.491:15209249): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.491:15209249): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8888/\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.491:15209249): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.491:15209249): arch=c000003e syscall=59 success=yes exit=0 a0=7ceb171c3400 a1=7ceb171c33a8 a2=7ceb171c33d0 a3=8080808080808080 items=2 ppid=436657 pid=436683 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.489:15209248): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383333332F6865616C74687A"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.489:15209248): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:34 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.489:15209248): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:34 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.489:15209248): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.489:15209248): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8333/healthz\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.489:15209248): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.489:15209248): arch=c000003e syscall=59 success=yes exit=0 a0=779a80cb8408 a1=779a80cb83b0 a2=779a80cb83d8 a3=8080808080808080 items=2 ppid=436647 pid=436682 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.487:15209247): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383838382F207C7C20657869742031"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.487:15209247): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:35 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.487:15209247): item=0 name=\"/bin/sh\" inode=3454556 dev=00:35 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.487:15209247): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.487:15209247): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383838382F207C7C20657869742031"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.487:15209247): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.487:15209247): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=436626 pid=436657 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.485:15209246): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.485:15209246): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:34 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.485:15209246): item=0 name=\"/bin/sh\" inode=3454556 dev=00:34 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.485:15209246): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.485:15209246): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.485:15209246): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.485:15209246): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf68 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=436625 pid=436647 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.470:15209245): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.470:15209245): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.470:15209245): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:1a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.470:15209245): cwd=\"/var/lib/docker/rootfs/overlayfs/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.470:15209245): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.470:15209245): arch=c000003e syscall=59 success=yes exit=0 a0=c000173860 a1=c000177338 a2=c000179c40 a3=0 items=2 ppid=436658 pid=436673 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.449:15209244): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36306261353138663961356637303136616464313133333135"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.449:15209244): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.449:15209244): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.449:15209244): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.449:15209244): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1709234684\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291/5b148b5674cce0c41d8790ad46af8ffc7a32ab53cb34744f33296538a0bdb358.pid\" a14=\"60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.449:15209244): arch=c000003e syscall=59 success=yes exit=0 a0=c000388810 a1=c00031c000 a2=c00031d400 a3=0 items=2 ppid=3012723 pid=436658 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.438:15209243): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.438:15209243): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.438:15209243): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.438:15209243): cwd=\"/var/lib/docker/rootfs/overlayfs/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.438:15209243): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.438:15209243): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3820 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=436626 pid=436649 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.432:15209242): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.432:15209242): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.432:15209242): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.432:15209242): cwd=\"/var/lib/docker/rootfs/overlayfs/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.432:15209242): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.432:15209242): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=436625 pid=436641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.422:15209241): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63343831303333393135303137313863316533336566633131"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.422:15209241): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.422:15209241): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.422:15209241): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.422:15209241): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2415934737\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87/1d47c94ad55a89df4fe1c18004f8ad3ee26332e35914487b8d7207c148386152.pid\" a14=\"c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.422:15209241): arch=c000003e syscall=59 success=yes exit=0 a0=c00014f550 a1=c00010d080 a2=c00010d100 a3=0 items=2 ppid=2592 pid=436626 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.416:15209240): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33386137383465623439653837373836333562386661316434"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.416:15209240): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.416:15209240): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.416:15209240): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.416:15209240): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process500004189\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/7a5ba65d98bc33f2b47acd1a722e6bbac28e74591b6d85887042d509280ce1d0.pid\" a14=\"38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.416:15209240): arch=c000003e syscall=59 success=yes exit=0 a0=c0002d4ae0 a1=c0002b7800 a2=c0002b7880 a3=0 items=2 ppid=2395 pid=436625 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.119:15209239): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.119:15209239): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.119:15209239): item=0 name=\"/bin/grep\" inode=6832538 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.119:15209239): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.119:15209239): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.119:15209239): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.119:15209239): arch=c000003e syscall=59 success=yes exit=0 a0=634d78ba1758 a1=634d5ea66990 a2=634d78ba16e8 a3=8 items=2 ppid=436618 pid=436624 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.114:15209238): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.114:15209238): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.114:15209238): item=0 name=\"/bin/sh\" inode=6832457 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.114:15209238): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.114:15209238): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.114:15209238): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.114:15209238): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8ee8 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=436602 pid=436618 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.076:15209237): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.076:15209237): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.076:15209237): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.076:15209237): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.076:15209237): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.076:15209237): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.076:15209237): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=436616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.076:15209236): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.076:15209236): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.076:15209236): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.076:15209236): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.076:15209235): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.076:15209235): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.076:15209235): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.076:15209235): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.076:15209234): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.076:15209234): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.076:15209234): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.076:15209234): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.076:15209233): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.076:15209233): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.076:15209233): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.076:15209233): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.076:15209232): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.076:15209232): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.076:15209232): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.076:15209232): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.075:15209231): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.075:15209231): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.075:15209231): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.075:15209231): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.072:15209230): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209230): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209230): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.072:15209230): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.072:15209230): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.072:15209230): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.072:15209230): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=436614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.072:15209229): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209229): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.072:15209229): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.072:15209229): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.072:15209228): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209228): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.072:15209228): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.072:15209228): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.072:15209227): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209227): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.072:15209227): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.072:15209227): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.072:15209226): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209226): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.072:15209226): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.072:15209226): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.072:15209225): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209225): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.072:15209225): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.072:15209225): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.072:15209224): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209224): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209224): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.072:15209224): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.072:15209224): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.072:15209224): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436602 pid=436613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.072:15209223): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.072:15209223): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.072:15209223): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.072:15209223): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.069:15209222): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.069:15209222): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.069:15209222): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.069:15209222): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.069:15209222): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766377.069:15209222): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.069:15209222): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2460008e0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=436608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.069:15209221): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.069:15209221): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.069:15209221): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.069:15209221): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460008e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.069:15209220): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.069:15209220): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.069:15209220): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.069:15209220): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460008e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.069:15209219): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.069:15209219): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.069:15209219): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.069:15209219): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460008e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.069:15209218): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.069:15209218): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.069:15209218): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.069:15209218): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460008e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.069:15209217): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.069:15209217): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.069:15209217): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.069:15209217): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460008e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.069:15209216): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.069:15209216): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.069:15209216): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.069:15209216): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460008e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766377.058:15209215): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.058:15209215): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766377.058:15209215): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766377.058:15209215): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766377.058:15209215): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3414500467\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/77f336c6999f54488c5d4550fe8f3e254ae2f93b4d2066d91a96a0dcec1a4b0f.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-05-02T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766377.058:15209215): arch=c000003e syscall=59 success=yes exit=0 a0=c0000b9450 a1=c000208e00 a2=c000208e80 a3=0 items=2 ppid=4578 pid=436602 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766376.761:15209214): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.761:15209214): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.761:15209214): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766376.761:15209214): cwd=\"/\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766376.761:15209214): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766376.761:15209214): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766376.761:15209214): arch=c000003e syscall=59 success=yes exit=0 a0=5bef6a7eb880 a1=5bef6a82b2a0 a2=5bef6a524970 a3=77cfd2d3be70 items=2 ppid=436592 pid=436599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766376.721:15209213): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.721:15209213): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.721:15209213): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.721:15209213): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766376.721:15209213): cwd=\"/\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766376.721:15209213): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766376.721:15209213): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766376.721:15209213): arch=c000003e syscall=59 success=yes exit=0 a0=5aa1c26d2640 a1=5aa1b7c659a8 a2=5aa1c26d25d8 a3=8 items=3 ppid=436592 pid=436599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766376.714:15209212): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.714:15209212): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.714:15209212): item=0 name=\"/bin/sh\" inode=6954646 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766376.714:15209212): cwd=\"/\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766376.714:15209212): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766376.714:15209212): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766376.714:15209212): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c000090120 a3=0 items=2 ppid=4084 pid=436592 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766376.662:15209211): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.662:15209211): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.662:15209211): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766376.662:15209211): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766376.662:15209211): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766376.662:15209211): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436580 pid=436589 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766376.648:15209210): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.648:15209210): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766376.648:15209210): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766376.648:15209210): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766376.648:15209210): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1956504185\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/5fbe0eb10f4062e2fb3cd10f19217acf06274d67d16fcd7c6fe21db66d445d54.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766376.648:15209210): arch=c000003e syscall=59 success=yes exit=0 a0=c0003f6250 a1=c0002f3000 a2=c0002f3080 a3=0 items=2 ppid=4084 pid=436580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766375.301:15209209): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A333030302F"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.301:15209209): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:b0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.301:15209209): item=0 name=\"/usr/bin/wget\" inode=6699356 dev=00:b0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766375.301:15209209): cwd=\"/data/docuseal\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766375.301:15209209): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:3000/\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766375.301:15209209): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766375.301:15209209): arch=c000003e syscall=59 success=yes exit=0 a0=74bb3624e558 a1=74bb3624e478 a2=74bb3624e4a0 a3=74bb362496a4 items=2 ppid=436570 pid=436576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766375.297:15209208): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A333030302F207C7C20657869742031"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.297:15209208): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:b0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.297:15209208): item=0 name=\"/bin/sh\" inode=6699356 dev=00:b0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766375.297:15209208): cwd=\"/data/docuseal\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766375.297:15209208): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A333030302F207C7C20657869742031"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766375.297:15209208): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766375.297:15209208): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f98 a1=c000022680 a2=c0000bf290 a3=0 items=2 ppid=436558 pid=436570 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766375.246:15209207): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.246:15209207): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.246:15209207): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766375.246:15209207): cwd=\"/var/lib/docker/rootfs/overlayfs/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766375.246:15209207): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766375.246:15209207): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436558 pid=436568 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766375.230:15209206): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35346232396663306536366564393235306162333462303263"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.230:15209206): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.230:15209206): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766375.230:15209206): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766375.230:15209206): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2053736022\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f/104b17ceb71a50f189e17e42cc30c055869ae6d0b0cd1ca1232b4bc541cc3b08.pid\" a14=\"54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766375.230:15209206): arch=c000003e syscall=59 success=yes exit=0 a0=c000378410 a1=c0001fe000 a2=c0001fe080 a3=0 items=2 ppid=4356 pid=436558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766375.111:15209205): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A31373137302F"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.111:15209205): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3566853 dev=00:8b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.111:15209205): item=0 name=\"/usr/bin/curl\" inode=3574788 dev=00:8b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766375.111:15209205): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766375.111:15209205): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:17170/\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766375.111:15209205): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766375.111:15209205): arch=c000003e syscall=59 success=yes exit=0 a0=c00019f120 a1=c000022680 a2=c00015ac00 a3=0 items=2 ppid=436540 pid=436552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766375.061:15209204): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.061:15209204): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.061:15209204): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766375.061:15209204): cwd=\"/var/lib/docker/rootfs/overlayfs/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766375.061:15209204): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766375.061:15209204): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436540 pid=436550 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766375.047:15209203): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35626433653164353534356637656335313939396638373934"}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.047:15209203): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766375.047:15209203): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766375.047:15209203): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766375.047:15209203): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3022428126\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/8be64bca142d309371d808501ea3fe94ad88c0d3153f5aa87d07cbe46ca2fec3.pid\" a14=\"5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-05-02T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766375.047:15209203): arch=c000003e syscall=59 success=yes exit=0 a0=c000332fb0 a1=c0002b5d80 a2=c0002b5e00 a3=0 items=2 ppid=4527 pid=436540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766374.398:15209202): proctitle=636174002F746D702F66616C636F5F6865616C7468"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.398:15209202): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.398:15209202): item=0 name=\"/bin/cat\" inode=8279592 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766374.398:15209202): cwd=\"/\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766374.398:15209202): argc=2 a0=\"cat\" a1=\"/tmp/falco_health\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766374.398:15209202): arch=c000003e syscall=59 success=yes exit=0 a0=634b45c60c50 a1=634b45c5f758 a2=634b45c60bb8 a3=4 items=2 ppid=436529 pid=436535 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766374.390:15209201): proctitle=2F62696E2F7368002D6300636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.390:15209201): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.390:15209201): item=0 name=\"/bin/sh\" inode=8279592 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766374.390:15209201): cwd=\"/\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766374.390:15209201): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766374.390:15209201): arch=c000003e syscall=59 success=yes exit=0 a0=c0000e5cc8 a1=c0000224e0 a2=c00018ce10 a3=0 items=2 ppid=3980 pid=436529 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766374.379:15209200): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.379:15209200): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.379:15209200): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766374.379:15209200): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766374.379:15209200): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766374.379:15209200): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766374.379:15209200): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d1350 a2=c0000d91c0 a3=0 items=2 ppid=436478 pid=436491 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766374.358:15209199): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.358:15209199): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.358:15209199): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:1a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766374.358:15209199): cwd=\"/var/lib/docker/rootfs/overlayfs/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766374.358:15209199): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766374.358:15209199): arch=c000003e syscall=59 success=yes exit=0 a0=c00009f140 a1=c0000a8210 a2=c0000c6280 a3=0 items=2 ppid=436498 pid=436518 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766374.352:15209198): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.352:15209198): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.352:15209198): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766374.352:15209198): cwd=\"/var/lib/docker/rootfs/overlayfs/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766374.352:15209198): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766374.352:15209198): arch=c000003e syscall=59 success=yes exit=0 a0=c0000ac010 a1=c0000b2000 a2=c0000b4000 a3=0 items=2 ppid=436497 pid=436514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766374.334:15209197): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32393332333936333361326464663331623933323036323135"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.334:15209197): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.334:15209197): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766374.334:15209197): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766374.334:15209197): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3408726114\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/b13d2b133382fa5fe6e3e1700a770b0fb51dd8381a125e429609cc4b15f39787.pid\" a14=\"293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766374.334:15209197): arch=c000003e syscall=59 success=yes exit=0 a0=c0000998a0 a1=c00017e080 a2=c00017e100 a3=0 items=2 ppid=3980 pid=436498 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766374.333:15209196): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35393538326637353931353539303838373134636364656636"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.333:15209196): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.333:15209196): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766374.333:15209196): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766374.333:15209196): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process105051883\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/e621300dcfe84269382671cc3e3774407b307a742423d6408a18712f0380f9c5.pid\" a14=\"59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766374.333:15209196): arch=c000003e syscall=59 success=yes exit=0 a0=c000316910 a1=c000349580 a2=c000174000 a3=0 items=2 ppid=3214 pid=436497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766374.320:15209195): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.320:15209195): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.320:15209195): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766374.320:15209195): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766374.320:15209195): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766374.320:15209195): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=436478 pid=436487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766374.303:15209194): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.303:15209194): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766374.303:15209194): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766374.303:15209194): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766374.303:15209194): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1606702058\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/1cf00962b88c424482a2bffbf14f6e14b4200555d81a41ebce5f1f961c988b2c.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766374.303:15209194): arch=c000003e syscall=59 success=yes exit=0 a0=c0003de6b0 a1=c000155480 a2=c000155500 a3=0 items=2 ppid=2767 pid=436478 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.585:15209193): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.585:15209193): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.585:15209193): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.585:15209193): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.585:15209193): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.585:15209193): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.585:15209193): arch=c000003e syscall=59 success=yes exit=0 a0=5e94754909a0 a1=5e9475491280 a2=5e947548d300 a3=8 items=2 ppid=436474 pid=436476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.585:15209192): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.585:15209192): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.585:15209192): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.585:15209192): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.585:15209192): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.585:15209192): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.585:15209192): arch=c000003e syscall=59 success=yes exit=0 a0=5e94754909d0 a1=5e94754912b0 a2=5e947548d300 a3=8 items=2 ppid=436474 pid=436475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.578:15209191): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.578:15209191): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.578:15209191): item=1 name=\"/bin/bash\" inode=6954383 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.578:15209191): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.578:15209191): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.578:15209191): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.578:15209191): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.578:15209191): arch=c000003e syscall=59 success=yes exit=0 a0=c000027518 a1=c00002ade0 a2=c0000cbe00 a3=0 items=3 ppid=4295 pid=436467 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.532:15209190): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.532:15209190): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.532:15209190): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.532:15209190): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.532:15209190): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.532:15209190): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3860 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=436455 pid=436464 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.519:15209189): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.519:15209189): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.519:15209189): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.519:15209189): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.519:15209189): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1772266460\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/7067dec4365370abbad077dcdaeb4ae944c8de479228f0c0eafc985326665ddd.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.519:15209189): arch=c000003e syscall=59 success=yes exit=0 a0=c00039d2b0 a1=c00033e400 a2=c00033e480 a3=0 items=2 ppid=4295 pid=436455 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.413:15209188): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.413:15209188): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:33 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.413:15209188): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:33 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.413:15209188): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.413:15209188): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:9333/cluster/status\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.413:15209188): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.413:15209188): arch=c000003e syscall=59 success=yes exit=0 a0=7936616d7420 a1=7936616d73c8 a2=7936616d73f0 a3=8080808080808080 items=2 ppid=436448 pid=436454 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.409:15209187): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.409:15209187): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:33 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.409:15209187): item=0 name=\"/bin/sh\" inode=3454556 dev=00:33 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.409:15209187): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.409:15209187): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.409:15209187): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.409:15209187): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af28 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=436435 pid=436448 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.362:15209186): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.362:15209186): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.362:15209186): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.362:15209186): cwd=\"/var/lib/docker/rootfs/overlayfs/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.362:15209186): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.362:15209186): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=436435 pid=436444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.348:15209185): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39363132653961396364303562323963623265653365636361"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.348:15209185): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.348:15209185): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.348:15209185): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.348:15209185): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1081548246\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205/aaa15f62a8c42a7bd36f2b298a36eafe2ab5bba07cd5527fcea6856f48290e99.pid\" a14=\"9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.348:15209185): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b7240 a1=c000133200 a2=c000133280 a3=0 items=2 ppid=2304 pid=436435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.228:15209184): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.228:15209184): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.228:15209184): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.228:15209184): cwd=\"/\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.228:15209184): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.228:15209184): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.228:15209184): arch=c000003e syscall=59 success=yes exit=0 a0=5a9c044e58d0 a1=5a9c044281d0 a2=5a9c04214970 a3=7d2aac685e70 items=2 ppid=436427 pid=436433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.190:15209183): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.190:15209183): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.190:15209183): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.190:15209183): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.190:15209183): cwd=\"/\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.190:15209183): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.190:15209183): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.190:15209183): arch=c000003e syscall=59 success=yes exit=0 a0=61f61e093678 a1=61f61e0935e0 a2=61f61e093610 a3=8 items=3 ppid=436427 pid=436433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.185:15209182): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.185:15209182): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.185:15209182): item=0 name=\"/bin/sh\" inode=5580787 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.185:15209182): cwd=\"/\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.185:15209182): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.185:15209182): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.185:15209182): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ce80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=436414 pid=436427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.144:15209181): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.144:15209181): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.144:15209181): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.144:15209181): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.144:15209181): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.144:15209181): arch=c000003e syscall=59 success=yes exit=0 a0=c000173830 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=436414 pid=436424 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.129:15209180): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.129:15209180): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.129:15209180): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.129:15209180): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.129:15209180): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1646326518\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/5549f61aabc8b71b7bda9ae7ccb29be105b555701411a8a46b8ae31316ac7a2b.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.129:15209180): arch=c000003e syscall=59 success=yes exit=0 a0=c000341200 a1=c000384c80 a2=c000384d00 a3=0 items=2 ppid=4402 pid=436414 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.031:15209179): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.031:15209179): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.031:15209179): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.031:15209179): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.031:15209179): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.031:15209179): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.031:15209179): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=436375 pid=436401 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766373.026:15209178): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.026:15209178): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766373.026:15209178): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766373.026:15209178): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766373.026:15209178): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766373.026:15209178): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766373.026:15209178): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d1350 a2=c0000d91c0 a3=0 items=2 ppid=3759 pid=436402 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.984:15209177): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.984:15209177): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.984:15209177): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.984:15209177): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.984:15209177): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.984:15209177): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=436374 pid=436397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.983:15209176): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.983:15209176): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.983:15209176): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:c8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.983:15209176): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.983:15209176): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.983:15209176): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=436375 pid=436389 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.969:15209175): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.969:15209175): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.969:15209175): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.969:15209175): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.969:15209175): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3690743142\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/966fd2e3713a6fd99c5aebc4eb8ddb341df6037875a5e62a93edbce8f7b56c8a.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.969:15209175): arch=c000003e syscall=59 success=yes exit=0 a0=c0003ec140 a1=c00036a500 a2=c00036a600 a3=0 items=2 ppid=2638 pid=436375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.969:15209174): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.969:15209174): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.969:15209174): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.969:15209174): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.969:15209174): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process295165500\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/418b0c8ae5e35909478c2fce03dd8b650e4bc20cd3b3fa455c704886f34b43e9.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.969:15209174): arch=c000003e syscall=59 success=yes exit=0 a0=c0003fa3d0 a1=c0002b5500 a2=c0002b5580 a3=0 items=2 ppid=3759 pid=436374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.876:15209173): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.876:15209173): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.876:15209173): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.876:15209173): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.876:15209173): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.876:15209173): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.876:15209173): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c0000a7350 a2=c0001631c0 a3=0 items=2 ppid=436354 pid=436367 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.829:15209172): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.829:15209172): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.829:15209172): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.829:15209172): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.829:15209172): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.829:15209172): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=436354 pid=436364 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.814:15209171): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.814:15209171): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.814:15209171): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.814:15209171): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.814:15209171): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3705577765\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/dd1dfe602f78da741b0fab3e66e0cc9f1dc83dc8a648d02d77705eb1653b3a64.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.814:15209171): arch=c000003e syscall=59 success=yes exit=0 a0=c000185c00 a1=c000394180 a2=c000394500 a3=0 items=2 ppid=3571 pid=436354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.587:15209170): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.587:15209170): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.587:15209170): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.587:15209170): cwd=\"/\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.587:15209170): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.587:15209170): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.587:15209170): arch=c000003e syscall=59 success=yes exit=0 a0=7b9f8493c278 a1=7b9f8493c1d8 a2=7b9f8493c1f8 a3=8080808080808080 items=2 ppid=436312 pid=436340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.580:15209169): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.580:15209169): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.580:15209169): item=0 name=\"/bin/sh\" inode=8589166 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.580:15209169): cwd=\"/\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.580:15209169): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.580:15209169): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.580:15209169): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fef38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=436312 pid=436340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.578:15209168): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.578:15209168): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.578:15209168): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.578:15209168): cwd=\"/\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.578:15209168): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.578:15209168): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.578:15209168): arch=c000003e syscall=59 success=yes exit=0 a0=7b91bc3253f8 a1=7b91bc325290 a2=7b91bc325378 a3=0 items=2 ppid=436313 pid=436338 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.573:15209167): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.573:15209167): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.573:15209167): item=0 name=\"/bin/sh\" inode=8589166 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.573:15209167): cwd=\"/\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.573:15209167): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.573:15209167): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.573:15209167): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=436313 pid=436338 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.505:15209166): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.505:15209166): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.505:15209166): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.505:15209166): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.505:15209166): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.505:15209166): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=436312 pid=436335 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.503:15209165): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.503:15209165): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.503:15209165): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:c8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.503:15209165): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.503:15209165): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.503:15209165): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436313 pid=436328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.485:15209164): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.485:15209164): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.485:15209164): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.485:15209164): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.485:15209164): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3361943779\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/f55f4a1bae72824896ff51ae0f40aa41a29809c0f7c9d822d688c595bcd22f06.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.485:15209164): arch=c000003e syscall=59 success=yes exit=0 a0=c00048d130 a1=c0002a5d00 a2=c0002a5d80 a3=0 items=2 ppid=3688 pid=436313 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.484:15209163): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.484:15209163): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.484:15209163): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.484:15209163): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.484:15209163): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2819591601\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/ba42e6d078f1df4a51d95d7a65d0e7a210eb5a3c6f2ce4382174184bd6816a06.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.484:15209163): arch=c000003e syscall=59 success=yes exit=0 a0=c0000c7df0 a1=c00051e180 a2=c00051e200 a3=0 items=2 ppid=3558 pid=436312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.450:15209162): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.450:15209162): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.450:15209162): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.450:15209162): cwd=\"/var/lib/docker/rootfs/overlayfs/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.450:15209162): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.450:15209162): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=436294 pid=436303 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.435:15209161): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62366565663533353530356335623539373835383964626261"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.435:15209161): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.435:15209161): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.435:15209161): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.435:15209161): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3779542331\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/8cc062d2e47c253e6b6f62c8f2d11e64faa69e183de19e81ddf3982cf6e268ef.pid\" a14=\"b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.435:15209161): arch=c000003e syscall=59 success=yes exit=0 a0=c000268a50 a1=c00040a180 a2=c00040a200 a3=0 items=2 ppid=3802 pid=436294 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.325:15209160): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.325:15209160): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.325:15209160): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.325:15209160): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.325:15209160): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.325:15209160): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.325:15209160): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=436291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.324:15209159): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.324:15209159): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.324:15209159): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.324:15209159): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.324:15209158): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.324:15209158): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.324:15209158): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.324:15209158): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.324:15209157): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.324:15209157): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.324:15209157): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.324:15209157): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.324:15209156): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.324:15209156): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.324:15209156): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.324:15209156): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.324:15209155): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.324:15209155): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.324:15209155): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.324:15209155): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.324:15209154): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.324:15209154): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.324:15209154): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.324:15209154): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b060 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.321:15209153): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.321:15209153): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.321:15209153): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.321:15209153): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.321:15209153): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.321:15209153): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.321:15209153): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660e944b040 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=436287 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.321:15209152): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.321:15209152): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.321:15209152): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.321:15209152): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b040 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436287 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.321:15209151): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.321:15209151): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.321:15209151): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.321:15209151): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b040 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436287 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.321:15209150): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.321:15209150): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.321:15209150): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.321:15209150): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b040 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436287 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.321:15209149): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.321:15209149): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.321:15209149): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.321:15209149): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b040 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436287 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.321:15209148): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.321:15209148): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.321:15209148): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.321:15209148): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b040 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436287 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.320:15209147): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.320:15209147): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.320:15209147): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.320:15209147): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e944b040 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436287 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.318:15209146): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.318:15209146): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.318:15209146): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.318:15209146): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.318:15209146): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.318:15209146): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.318:15209146): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b7311720 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=436286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.318:15209145): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.318:15209145): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.318:15209145): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.318:15209145): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311720 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.318:15209144): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.318:15209144): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.318:15209144): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.318:15209144): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311720 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.317:15209143): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.317:15209143): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.317:15209143): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.317:15209143): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311720 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.317:15209142): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.317:15209142): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.317:15209142): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.317:15209142): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311720 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.317:15209141): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.317:15209141): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.317:15209141): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.317:15209141): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311720 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.317:15209140): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.317:15209140): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.317:15209140): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.317:15209140): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311720 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=436286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.298:15209139): proctitle=746F66750076657273696F6E"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.298:15209139): item=0 name=\"/usr/local/bin/tofu\" inode=6721579 dev=00:43 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.298:15209139): cwd=\"/tofu\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.298:15209139): argc=2 a0=\"tofu\" a1=\"version\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.298:15209139): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.298:15209139): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271d0 a1=c00009f350 a2=c000022680 a3=0 items=1 ppid=3089 pid=436275 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tofu\" exe=\"/usr/local/bin/tofu\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.252:15209138): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.252:15209138): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.252:15209138): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.252:15209138): cwd=\"/var/lib/docker/rootfs/overlayfs/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.252:15209138): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.252:15209138): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc00 a3=0 items=2 ppid=436263 pid=436272 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.239:15209137): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31303030346630313163626364316165663065343836303634"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.239:15209137): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.239:15209137): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.239:15209137): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.239:15209137): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1397043178\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44/2ca7fcc1a1e75a058bdb12a60eba14ecc500375c5971cd8f8d62df33d274f122.pid\" a14=\"10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.239:15209137): arch=c000003e syscall=59 success=yes exit=0 a0=c0003666f0 a1=c0003b9980 a2=c0003b9a00 a3=0 items=2 ppid=3089 pid=436263 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.057:15209136): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.057:15209136): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.057:15209136): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.057:15209136): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.057:15209136): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.057:15209136): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.057:15209136): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee3026fe0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=436262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.056:15209135): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.056:15209135): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.056:15209135): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.056:15209135): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3026fe0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.056:15209134): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.056:15209134): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.056:15209134): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.056:15209134): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3026fe0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.056:15209133): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.056:15209133): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.056:15209133): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.056:15209133): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3026fe0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.056:15209132): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.056:15209132): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.056:15209132): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.056:15209132): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3026fe0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.056:15209131): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.056:15209131): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.056:15209131): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.056:15209131): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3026fe0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.056:15209130): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.056:15209130): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.056:15209130): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.056:15209130): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3026fe0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.053:15209129): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.053:15209129): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.053:15209129): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.053:15209129): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.053:15209129): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.053:15209129): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.053:15209129): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf612800 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=436261 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.053:15209128): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.053:15209128): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.053:15209128): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.053:15209128): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612800 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436261 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.053:15209127): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.053:15209127): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.053:15209127): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.053:15209127): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612800 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436261 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.053:15209126): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.053:15209126): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.053:15209126): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.053:15209126): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612800 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436261 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.053:15209125): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.053:15209125): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.053:15209125): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.053:15209125): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612800 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436261 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.053:15209124): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.053:15209124): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.053:15209124): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.053:15209124): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612800 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436261 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.053:15209123): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.053:15209123): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.053:15209123): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.053:15209123): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612800 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436261 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.050:15209122): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.050:15209122): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.050:15209122): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.050:15209122): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766372.050:15209122): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766372.050:15209122): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.050:15209122): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=436260 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.050:15209121): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.050:15209121): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.050:15209121): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.050:15209121): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436260 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.050:15209120): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.050:15209120): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.050:15209120): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.050:15209120): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436260 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.050:15209119): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.050:15209119): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.050:15209119): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.050:15209119): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436260 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.050:15209118): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.050:15209118): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.050:15209118): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.050:15209118): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436260 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.050:15209117): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.050:15209117): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.050:15209117): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.050:15209117): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436260 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766372.049:15209116): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766372.049:15209116): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766372.049:15209116): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766372.049:15209116): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=436260 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.629:15209115): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.629:15209115): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.629:15209115): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.629:15209115): cwd=\"/var/lib/docker/rootfs/overlayfs/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766371.629:15209115): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.629:15209115): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436241 pid=436250 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.613:15209114): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64383635373230393839346635366633363430323132643732"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.613:15209114): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.613:15209114): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.613:15209114): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766371.613:15209114): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2236852029\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165/2ca9dacda18219f2b2863d952af05ff1ffa55c65c2a94c28fd49747b0bf7279e.pid\" a14=\"d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.613:15209114): arch=c000003e syscall=59 success=yes exit=0 a0=c0000109f0 a1=c0002aa780 a2=c0002aa880 a3=0 items=2 ppid=4279 pid=436241 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.038:15209113): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.038:15209113): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.038:15209113): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.038:15209113): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766371.038:15209113): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766371.038:15209113): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.038:15209113): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800160 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=436240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.038:15209112): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.038:15209112): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.038:15209112): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.038:15209112): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800160 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.038:15209111): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.038:15209111): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.038:15209111): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.038:15209111): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800160 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.038:15209110): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.038:15209110): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.038:15209110): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.038:15209110): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800160 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.038:15209109): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.038:15209109): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.038:15209109): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.038:15209109): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800160 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.038:15209108): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.038:15209108): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.038:15209108): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.038:15209108): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800160 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.038:15209107): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.038:15209107): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.038:15209107): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.038:15209107): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800160 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.036:15209106): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.036:15209106): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.036:15209106): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.036:15209106): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766371.036:15209106): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766371.036:15209106): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.036:15209106): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=436239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.035:15209105): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.035:15209105): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.035:15209105): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.035:15209105): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.035:15209104): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.035:15209104): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.035:15209104): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.035:15209104): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.035:15209103): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.035:15209103): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.035:15209103): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.035:15209103): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.035:15209102): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.035:15209102): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.035:15209102): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.035:15209102): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.035:15209101): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.035:15209101): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.035:15209101): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.035:15209101): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.035:15209100): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.035:15209100): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.035:15209100): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.035:15209100): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.032:15209099): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.032:15209099): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.032:15209099): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.032:15209099): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766371.032:15209099): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766371.032:15209099): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.032:15209099): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800640 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=436238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.032:15209098): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.032:15209098): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.032:15209098): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.032:15209098): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800640 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.032:15209097): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.032:15209097): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.032:15209097): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.032:15209097): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800640 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.032:15209096): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.032:15209096): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.032:15209096): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.032:15209096): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800640 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.032:15209095): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.032:15209095): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.032:15209095): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.032:15209095): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800640 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.032:15209094): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.032:15209094): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.032:15209094): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.032:15209094): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800640 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766371.032:15209093): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766371.032:15209093): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766371.032:15209093): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766371.032:15209093): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800640 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=436238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.461:15209092): proctitle=77676574002D2D737069646572002D7100687474703A2F2F6C6F63616C686F73742F"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.461:15209092): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:55 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.461:15209092): item=0 name=\"/usr/bin/wget\" inode=8589166 dev=00:55 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.461:15209092): cwd=\"/\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.461:15209092): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://localhost/\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766370.461:15209092): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.461:15209092): arch=c000003e syscall=59 success=yes exit=0 a0=c00019efe0 a1=c0000cb920 a2=c000156320 a3=0 items=2 ppid=436217 pid=436229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.412:15209091): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.412:15209091): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.412:15209091): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.412:15209091): cwd=\"/var/lib/docker/rootfs/overlayfs/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.412:15209091): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.412:15209091): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b860 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436217 pid=436226 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.395:15209090): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63393032383634376464366537633338653134646162613437"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.395:15209090): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.395:15209090): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.395:15209090): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.395:15209090): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process164975038\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2/a5e595d2a93c20e1d5e9b7c51ea9dc615c226c16f924a657a7866382c6a0ead7.pid\" a14=\"c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.395:15209090): arch=c000003e syscall=59 success=yes exit=0 a0=c0003b09e0 a1=c0002a0800 a2=c0002a0a00 a3=0 items=2 ppid=3998 pid=436217 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.353:15209089): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.353:15209089): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.353:15209089): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.353:15209089): cwd=\"/\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.353:15209089): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766370.353:15209089): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.353:15209089): arch=c000003e syscall=59 success=yes exit=0 a0=7a58de7ae278 a1=7a58de7ae1d8 a2=7a58de7ae1f8 a3=8080808080808080 items=2 ppid=3626 pid=436209 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.349:15209088): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.349:15209088): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.349:15209088): item=0 name=\"/bin/sh\" inode=8589166 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.349:15209088): cwd=\"/\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.349:15209088): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766370.349:15209088): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.349:15209088): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=3626 pid=436209 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.320:15209087): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.320:15209087): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.320:15209087): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.320:15209087): cwd=\"/\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.320:15209087): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766370.320:15209087): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.320:15209087): arch=c000003e syscall=59 success=yes exit=0 a0=7717e06523f8 a1=7717e0652278 a2=7717e0652378 a3=0 items=2 ppid=3652 pid=436189 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.317:15209086): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.317:15209086): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.317:15209086): item=0 name=\"/bin/sh\" inode=3454556 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.317:15209086): cwd=\"/\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.317:15209086): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766370.317:15209086): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.317:15209086): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ef38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=3652 pid=436189 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.304:15209085): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.304:15209085): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.304:15209085): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.304:15209085): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.304:15209085): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.304:15209085): arch=c000003e syscall=59 success=yes exit=0 a0=c00017d840 a1=c000181338 a2=c000183c40 a3=0 items=2 ppid=436195 pid=436204 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.290:15209084): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.290:15209084): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.290:15209084): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.290:15209084): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.290:15209084): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2753714906\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/ffebde2caec3ce75f383413fb374ecbefd81dd08eb3bd692dff7cbac62f5a85a.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.290:15209084): arch=c000003e syscall=59 success=yes exit=0 a0=c0001765e0 a1=c000386200 a2=c000386280 a3=0 items=2 ppid=3626 pid=436195 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.270:15209083): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.270:15209083): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.270:15209083): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.270:15209083): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.270:15209083): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.270:15209083): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=436176 pid=436186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766370.255:15209082): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.255:15209082): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766370.255:15209082): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766370.255:15209082): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766370.255:15209082): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1360100798\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/b2b2bf459ea3bbef93f7ca3b0a773fe35a9ca4f73e6de930b36d5b0e8c6d9d25.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766370.255:15209082): arch=c000003e syscall=59 success=yes exit=0 a0=c00052b350 a1=c000209700 a2=c000209780 a3=0 items=2 ppid=3652 pid=436176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.610:15209081): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.610:15209081): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.610:15209081): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.610:15209081): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.610:15209081): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766369.610:15209081): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.610:15209081): arch=c000003e syscall=59 success=yes exit=0 a0=618c4a467c68 a1=618c4a4678f8 a2=618c4a467ba8 a3=8 items=2 ppid=436159 pid=436165 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.606:15209080): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.606:15209080): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.606:15209080): item=0 name=\"/bin/sh\" inode=6832457 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.606:15209080): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.606:15209080): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766369.606:15209080): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.606:15209080): arch=c000003e syscall=59 success=yes exit=0 a0=c00018eed8 a1=c000022ac0 a2=c000120240 a3=0 items=2 ppid=4094 pid=436159 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.551:15209079): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.551:15209079): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.551:15209079): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.551:15209079): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.551:15209079): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.551:15209079): arch=c000003e syscall=59 success=yes exit=0 a0=c0002458b0 a1=c000249350 a2=c00024bc80 a3=0 items=2 ppid=436146 pid=436155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.533:15209078): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.533:15209078): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.533:15209078): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.533:15209078): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.533:15209078): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3290169905\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/0758b4b34717e6b4768f34c799ca2ab752597bccdfdd24299aac14a835c2b3ca.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.533:15209078): arch=c000003e syscall=59 success=yes exit=0 a0=c000375930 a1=c0002e4c00 a2=c0002e4c80 a3=0 items=2 ppid=4094 pid=436146 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.398:15209077): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.398:15209077): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.398:15209077): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.398:15209077): cwd=\"/\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.398:15209077): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766369.398:15209077): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.398:15209077): arch=c000003e syscall=59 success=yes exit=0 a0=74331e43b288 a1=74331e43b1e8 a2=74331e43b208 a3=0 items=2 ppid=3223 pid=436133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.397:15209076): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.397:15209076): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.397:15209076): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.397:15209076): cwd=\"/\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.397:15209076): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766369.397:15209076): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.397:15209076): arch=c000003e syscall=59 success=yes exit=0 a0=722a6b1df288 a1=722a6b1df1e8 a2=722a6b1df208 a3=0 items=2 ppid=3630 pid=436130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.393:15209075): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.393:15209075): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.393:15209075): item=0 name=\"/bin/sh\" inode=8589166 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.393:15209075): cwd=\"/\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.393:15209075): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766369.393:15209075): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.393:15209075): arch=c000003e syscall=59 success=yes exit=0 a0=c00019ef68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=436107 pid=436133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.393:15209074): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.393:15209074): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.393:15209074): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.393:15209074): cwd=\"/\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.393:15209074): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766369.393:15209074): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.393:15209074): arch=c000003e syscall=59 success=yes exit=0 a0=c00019cf78 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=3630 pid=436130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.335:15209073): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.335:15209073): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.335:15209073): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.335:15209073): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.335:15209073): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.335:15209073): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=436107 pid=436128 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.331:15209072): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.331:15209072): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.331:15209072): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.331:15209072): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.331:15209072): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.331:15209072): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436106 pid=436120 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.319:15209071): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.319:15209071): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.319:15209071): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.319:15209071): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.319:15209071): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process380821937\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/95769682e1c068e25dc453921a3b3660ca0e6e215daba72c8026f78f288c3085.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.319:15209071): arch=c000003e syscall=59 success=yes exit=0 a0=c0001dd040 a1=c00036b500 a2=c00036b580 a3=0 items=2 ppid=3223 pid=436107 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766369.316:15209070): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.316:15209070): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766369.316:15209070): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766369.316:15209070): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766369.316:15209070): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1727712480\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/292a531f5ba202fac11096898ea104705d2955a8afb68ecb0524d0eb6d7cd3c7.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766369.316:15209070): arch=c000003e syscall=59 success=yes exit=0 a0=c000480a40 a1=c0004e4300 a2=c0004e4380 a3=0 items=2 ppid=3630 pid=436106 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766368.851:15209069): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.851:15209069): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.851:15209069): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766368.851:15209069): cwd=\"/\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766368.851:15209069): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766368.851:15209069): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766368.851:15209069): arch=c000003e syscall=59 success=yes exit=0 a0=74f348c86288 a1=74f348c861e8 a2=74f348c86208 a3=0 items=2 ppid=4000 pid=436098 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766368.848:15209068): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.848:15209068): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.848:15209068): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766368.848:15209068): cwd=\"/\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766368.848:15209068): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766368.848:15209068): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766368.848:15209068): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=436086 pid=436098 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766368.798:15209067): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.798:15209067): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.798:15209067): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766368.798:15209067): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766368.798:15209067): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766368.798:15209067): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=436086 pid=436095 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766368.783:15209066): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.783:15209066): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.783:15209066): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766368.783:15209066): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766368.783:15209066): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1771069487\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/e4d5c7e4de0bb15e9f19c85d39dfd6a78760fa734051927e2ec130377f883d68.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766368.783:15209066): arch=c000003e syscall=59 success=yes exit=0 a0=c00035d980 a1=c0000a7880 a2=c0000a7900 a3=0 items=2 ppid=4000 pid=436086 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766368.125:15209065): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.125:15209065): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.125:15209065): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766368.125:15209065): cwd=\"/var/lib/docker/rootfs/overlayfs/0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766368.125:15209065): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766368.125:15209065): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=436067 pid=436076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766368.108:15209064): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30353531656266356533353164363037666633343763343664"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.108:15209064): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766368.108:15209064): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766368.108:15209064): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766368.108:15209064): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1036522981\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f/7316645c9beb82c742f701c9fc69bab2758c950c4da6182a98450517e859c13d.pid\" a14=\"0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766368.108:15209064): arch=c000003e syscall=59 success=yes exit=0 a0=c00013eb20 a1=c000183b00 a2=c000183b80 a3=0 items=2 ppid=3596 pid=436067 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766367.944:15209063): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.944:15209063): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.944:15209063): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766367.944:15209063): cwd=\"/\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766367.944:15209063): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766367.944:15209063): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766367.944:15209063): arch=c000003e syscall=59 success=yes exit=0 a0=641a49228990 a1=641a4924a9c0 a2=641a49229860 a3=8 items=2 ppid=436058 pid=436066 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766367.930:15209062): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.930:15209062): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.930:15209062): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766367.930:15209062): cwd=\"/\""}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766367.930:15209062): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766367.930:15209062): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766367.930:15209062): arch=c000003e syscall=59 success=yes exit=0 a0=641a49228fe0 a1=641a4924a810 a2=641a492294a0 a3=8 items=2 ppid=436058 pid=436065 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766367.922:15209061): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.922:15209061): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.922:15209061): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.922:15209061): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766367.922:15209061): cwd=\"/\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766367.922:15209061): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766367.922:15209061): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766367.922:15209061): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c000156320 a3=0 items=3 ppid=436046 pid=436058 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766367.859:15209060): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.859:15209060): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.859:15209060): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766367.859:15209060): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766367.859:15209060): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766367.859:15209060): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=436046 pid=436055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766367.844:15209059): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.844:15209059): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.844:15209059): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766367.844:15209059): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766367.844:15209059): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4269418171\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/bffa8971db52377d37fc744c3bb41500a78cde140e1112e13fb751684e21f8eb.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766367.844:15209059): arch=c000003e syscall=59 success=yes exit=0 a0=c00041e930 a1=c000470700 a2=c000470780 a3=0 items=2 ppid=4475 pid=436046 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766367.354:15209058): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.354:15209058): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.354:15209058): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766367.354:15209058): cwd=\"/var/lib/docker/rootfs/overlayfs/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766367.354:15209058): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766367.354:15209058): arch=c000003e syscall=59 success=yes exit=0 a0=c0001d7870 a1=c0001db350 a2=c0001ddc40 a3=0 items=2 ppid=436027 pid=436036 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766367.340:15209057): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30346566616263376566613165663036393666633164646633"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.340:15209057): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.340:15209057): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766367.340:15209057): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766367.340:15209057): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3304294974\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e/01a0792bb348817d97377a3543ff4b88caea984467c460161dd2bdc97cce3ada.pid\" a14=\"04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766367.340:15209057): arch=c000003e syscall=59 success=yes exit=0 a0=c00032a490 a1=c00026d400 a2=c0001fc000 a3=0 items=2 ppid=3624 pid=436027 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766367.083:15209056): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F3132372E302E302E313A33303030"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.083:15209056): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6974781 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.083:15209056): item=0 name=\"/usr/bin/wget\" inode=7120693 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766367.083:15209056): cwd=\"/usr/local/src/app\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766367.083:15209056): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://127.0.0.1:3000\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766367.083:15209056): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766367.083:15209056): arch=c000003e syscall=59 success=yes exit=0 a0=5cf62e9f1830 a1=5cf62e9f1768 a2=5cf62e9f1798 a3=8 items=2 ppid=436008 pid=436025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766367.078:15209055): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A33303030207C7C20657869742031"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.078:15209055): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6974781 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766367.078:15209055): item=0 name=\"/bin/sh\" inode=6955544 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766367.078:15209055): cwd=\"/usr/local/src/app\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766367.078:15209055): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A33303030207C7C20657869742031"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766367.078:15209055): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766367.078:15209055): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ce50 a1=c000022ac0 a2=c00016e900 a3=0 items=2 ppid=435982 pid=436008 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.936:15209054): proctitle=6373636C69006D657472696373"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.936:15209054): item=0 name=\"/usr/local/bin/cscli\" inode=7117508 dev=00:65 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.936:15209054): cwd=\"/\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.936:15209054): argc=2 a0=\"cscli\" a1=\"metrics\""}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.936:15209054): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.936:15209054): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271b8 a1=c0000a5350 a2=c0001538f0 a3=0 items=1 ppid=435976 pid=435995 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cscli\" exe=\"/usr/local/bin/cscli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.901:15209053): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.901:15209053): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.901:15209053): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.901:15209053): cwd=\"/var/lib/docker/rootfs/overlayfs/5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.901:15209053): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.901:15209053): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=435982 pid=436004 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.891:15209052): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.891:15209052): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.891:15209052): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.891:15209052): cwd=\"/var/lib/docker/rootfs/overlayfs/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.891:15209052): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.891:15209052): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=435976 pid=435986 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.887:15209051): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35383838656339666236323630396565373338666661336563"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.887:15209051): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.887:15209051): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.887:15209051): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.887:15209051): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2053192137\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6/bcf383b0d1c2204b45d05124e628280f92f812df31f7eff3e9b973d79f422e46.pid\" a14=\"5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.887:15209051): arch=c000003e syscall=59 success=yes exit=0 a0=c0002a4650 a1=c000422080 a2=c000422100 a3=0 items=2 ppid=4620 pid=435982 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.875:15209050): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653234306233323633613230313433616134643530376535"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.875:15209050): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.875:15209050): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.875:15209050): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.875:15209050): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1074955063\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/bdbc4619294d15e9f37898135f3b5077830e789d68309c7116c9cb59f9e008a1.pid\" a14=\"6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.875:15209050): arch=c000003e syscall=59 success=yes exit=0 a0=c000098960 a1=c000235b80 a2=c000235c00 a3=0 items=2 ppid=3555 pid=435976 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.616:15209049): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.616:15209049): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.616:15209049): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.616:15209049): cwd=\"/\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.616:15209049): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.616:15209049): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.616:15209049): arch=c000003e syscall=59 success=yes exit=0 a0=5b29f51f6540 a1=5b29f55906e0 a2=5b29f51e2970 a3=75dc43235e70 items=2 ppid=435966 pid=435972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.578:15209048): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.578:15209048): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.578:15209048): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.578:15209048): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.578:15209048): cwd=\"/\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.578:15209048): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.578:15209048): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.578:15209048): arch=c000003e syscall=59 success=yes exit=0 a0=61b2e3bfc640 a1=61b2d604d9a8 a2=61b2e3bfc5d8 a3=8 items=3 ppid=435966 pid=435972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.573:15209047): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.573:15209047): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.573:15209047): item=0 name=\"/bin/sh\" inode=6954646 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.573:15209047): cwd=\"/\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.573:15209047): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.573:15209047): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.573:15209047): arch=c000003e syscall=59 success=yes exit=0 a0=c000196eb0 a1=c000022680 a2=c000025260 a3=0 items=2 ppid=435954 pid=435966 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.520:15209046): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.520:15209046): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.520:15209046): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.520:15209046): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.520:15209046): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.520:15209046): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=435954 pid=435963 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.506:15209045): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.506:15209045): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.506:15209045): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.506:15209045): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.506:15209045): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process344830495\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/26fd4d2b144a10dc22bdf0016927bfa7ef57ed7fdbd7be95e072feaadd9807b0.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.506:15209045): arch=c000003e syscall=59 success=yes exit=0 a0=c000408c40 a1=c0002f3300 a2=c0002f3380 a3=0 items=2 ppid=4084 pid=435954 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.310:15209044): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.310:15209044): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.310:15209044): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.310:15209044): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.310:15209044): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.310:15209044): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.310:15209044): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=435953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.310:15209043): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.310:15209043): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.310:15209043): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.310:15209043): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.310:15209042): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.310:15209042): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.310:15209042): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.310:15209042): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.310:15209041): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.310:15209041): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.310:15209041): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.310:15209041): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.310:15209040): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.310:15209040): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.310:15209040): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.310:15209040): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.310:15209039): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.310:15209039): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.310:15209039): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.310:15209039): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.310:15209038): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.310:15209038): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.310:15209038): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.310:15209038): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.308:15209037): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.308:15209037): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.308:15209037): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.308:15209037): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.308:15209037): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.308:15209037): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.308:15209037): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b73115c0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=435952 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.308:15209036): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.308:15209036): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.308:15209036): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.308:15209036): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73115c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435952 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.308:15209035): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.308:15209035): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.308:15209035): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.308:15209035): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73115c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435952 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.308:15209034): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.308:15209034): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.308:15209034): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.308:15209034): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73115c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435952 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.308:15209033): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.308:15209033): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.308:15209033): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.308:15209033): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73115c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435952 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.308:15209032): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.308:15209032): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.308:15209032): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.308:15209032): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73115c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435952 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.308:15209031): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.308:15209031): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.308:15209031): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.308:15209031): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73115c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435952 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.305:15209030): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.305:15209030): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.305:15209030): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.305:15209030): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.305:15209030): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.305:15209030): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.305:15209030): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=435951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.305:15209029): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.305:15209029): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.305:15209029): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.305:15209029): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.305:15209028): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.305:15209028): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.305:15209028): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.305:15209028): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.305:15209027): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.305:15209027): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.305:15209027): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.305:15209027): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.305:15209026): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.305:15209026): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.305:15209026): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.305:15209026): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.305:15209025): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.305:15209025): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.305:15209025): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.305:15209025): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.305:15209024): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.305:15209024): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.305:15209024): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.305:15209024): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.277:15209023): proctitle=677265700077696E646D696C6C"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.277:15209023): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.277:15209023): item=0 name=\"/usr/bin/grep\" inode=8524666 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.277:15209023): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.277:15209023): argc=2 a0=\"grep\" a1=\"windmill\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.277:15209023): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.277:15209023): arch=c000003e syscall=59 success=yes exit=0 a0=565a637a38a8 a1=565a637a3800 a2=565a637a3818 a3=33eab49aba02f948 items=2 ppid=435943 pid=435950 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/usr/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.276:15209022): proctitle=707300617578"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.276:15209022): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.276:15209022): item=0 name=\"/usr/bin/ps\" inode=8576698 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.276:15209022): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.276:15209022): argc=2 a0=\"ps\" a1=\"aux\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.276:15209022): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.276:15209022): arch=c000003e syscall=59 success=yes exit=0 a0=565a637a3888 a1=565a637a37e0 a2=565a637a37f8 a3=33eab49aba02f948 items=2 ppid=435943 pid=435949 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ps\" exe=\"/usr/bin/ps\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.271:15209021): proctitle=2F62696E2F7368002D6300707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.271:15209021): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.271:15209021): item=0 name=\"/bin/sh\" inode=8524584 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.271:15209021): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.271:15209021): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.271:15209021): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.271:15209021): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf20 a1=c000022ac0 a2=c000170a20 a3=0 items=2 ppid=435931 pid=435943 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.226:15209020): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.226:15209020): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.226:15209020): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.226:15209020): cwd=\"/var/lib/docker/rootfs/overlayfs/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.226:15209020): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.226:15209020): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=435931 pid=435940 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.211:15209019): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62656261316135343465353638666532353862333635333666"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.211:15209019): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.211:15209019): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.211:15209019): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.211:15209019): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1487459165\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/de0365b4b0f6fa59696399aa14b23377fcd8e1f55fde0330d07253c2696c2ba3.pid\" a14=\"beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.211:15209019): arch=c000003e syscall=59 success=yes exit=0 a0=c000268920 a1=c00031d800 a2=c00031d880 a3=0 items=2 ppid=4241 pid=435931 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.039:15209018): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.039:15209018): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.039:15209018): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.039:15209018): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.039:15209018): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.039:15209018): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.039:15209018): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=435930 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.039:15209017): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.039:15209017): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.039:15209017): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.039:15209017): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435930 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.039:15209016): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.039:15209016): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.039:15209016): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.039:15209016): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435930 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.038:15209015): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.038:15209015): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.038:15209015): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.038:15209015): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435930 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.038:15209014): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.038:15209014): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.038:15209014): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.038:15209014): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435930 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.038:15209013): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.038:15209013): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.038:15209013): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.038:15209013): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435930 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.038:15209012): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.038:15209012): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.038:15209012): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.038:15209012): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435930 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.036:15209011): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.036:15209011): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.036:15209011): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.036:15209011): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.036:15209011): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.036:15209011): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.036:15209011): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=435929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.036:15209010): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.036:15209010): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.036:15209010): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.036:15209010): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.036:15209009): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.036:15209009): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.036:15209009): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.036:15209009): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.036:15209008): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.036:15209008): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.036:15209008): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.036:15209008): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.035:15209007): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.035:15209007): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.035:15209007): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.035:15209007): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.035:15209006): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.035:15209006): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.035:15209006): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.035:15209006): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.035:15209005): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.035:15209005): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.035:15209005): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.035:15209005): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.033:15209004): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.033:15209004): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.033:15209004): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.033:15209004): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766366.033:15209004): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766366.033:15209004): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.033:15209004): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=435928 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.033:15209003): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.033:15209003): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.033:15209003): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.033:15209003): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435928 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.033:15209002): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.033:15209002): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.033:15209002): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.033:15209002): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435928 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.033:15209001): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.033:15209001): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.033:15209001): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.033:15209001): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435928 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.033:15209000): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.033:15209000): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.033:15209000): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.033:15209000): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435928 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.033:15208999): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.033:15208999): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.033:15208999): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.033:15208999): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435928 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766366.032:15208998): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766366.032:15208998): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766366.032:15208998): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766366.032:15208998): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435928 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.171:15208997): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.171:15208997): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.171:15208997): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.171:15208997): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766365.171:15208997): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.171:15208997): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=435908 pid=435917 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.155:15208996): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.155:15208996): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.155:15208996): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.155:15208996): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766365.155:15208996): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3891186614\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/4ba07d62ccbc742caeed2e7f075f308016b489622312f044d358da7567a33ee0.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.155:15208996): arch=c000003e syscall=59 success=yes exit=0 a0=c000446550 a1=c000274380 a2=c000274400 a3=0 items=2 ppid=4374 pid=435908 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.015:15208995): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.015:15208995): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.015:15208995): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.015:15208995): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766365.015:15208995): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766365.015:15208995): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.015:15208995): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2464001e0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=435907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.015:15208994): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.015:15208994): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.015:15208994): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.015:15208994): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464001e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.015:15208993): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.015:15208993): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.015:15208993): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.015:15208993): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464001e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.015:15208992): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.015:15208992): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.015:15208992): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.015:15208992): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464001e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.015:15208991): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.015:15208991): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.015:15208991): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.015:15208991): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464001e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.015:15208990): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.015:15208990): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.015:15208990): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.015:15208990): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464001e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.014:15208989): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.014:15208989): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.014:15208989): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.014:15208989): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464001e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.012:15208988): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.012:15208988): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.012:15208988): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.012:15208988): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766365.012:15208988): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766365.012:15208988): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.012:15208988): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=435906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.012:15208987): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.012:15208987): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.012:15208987): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.012:15208987): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.012:15208986): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.012:15208986): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.012:15208986): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.012:15208986): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.012:15208985): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.012:15208985): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.012:15208985): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.012:15208985): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.012:15208984): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.012:15208984): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.012:15208984): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.012:15208984): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.011:15208983): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.011:15208983): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.011:15208983): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.011:15208983): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.011:15208982): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.011:15208982): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.011:15208982): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.011:15208982): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.009:15208981): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.009:15208981): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.009:15208981): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.009:15208981): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766365.009:15208981): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766365.009:15208981): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.009:15208981): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2468002e0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=435905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.009:15208980): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.009:15208980): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.009:15208980): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.009:15208980): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468002e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.009:15208979): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.009:15208979): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.009:15208979): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.009:15208979): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468002e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.009:15208978): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.009:15208978): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.009:15208978): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.009:15208978): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468002e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.009:15208977): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.009:15208977): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.009:15208977): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.009:15208977): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468002e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.009:15208976): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.009:15208976): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.009:15208976): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.009:15208976): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468002e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766365.009:15208975): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766365.009:15208975): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766365.009:15208975): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766365.009:15208975): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2468002e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766364.289:15208974): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766364.289:15208974): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766364.289:15208974): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766364.289:15208974): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766364.289:15208974): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766364.289:15208974): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766364.289:15208974): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c0000a5350 a2=c0001651c0 a3=0 items=2 ppid=435885 pid=435897 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766364.238:15208973): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766364.238:15208973): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766364.238:15208973): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766364.238:15208973): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766364.238:15208973): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766364.238:15208973): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=435885 pid=435893 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766364.224:15208972): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766364.224:15208972): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766364.224:15208972): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766364.224:15208972): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766364.224:15208972): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1694472210\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/a1078aab4cf1b35705cfda012ffafddee107b6e2e5b24d40bab5b052f7e55238.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766364.224:15208972): arch=c000003e syscall=59 success=yes exit=0 a0=c000404660 a1=c00017ea80 a2=c00017eb00 a3=0 items=2 ppid=2767 pid=435885 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766363.281:15208971): proctitle=77676574002D2D73706964657200687474703A2F2F6C6F63616C686F73743A333130302F7265616479"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.281:15208971): item=0 name=\"/busybox/wget\" inode=6701653 dev=00:a1 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766363.281:15208971): cwd=\"/\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766363.281:15208971): argc=3 a0=\"wget\" a1=\"--spider\" a2=\"http://localhost:3100/ready\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766363.281:15208971): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766363.281:15208971): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fce60 a1=c000022660 a2=c0000cf9e0 a3=0 items=1 ppid=435866 pid=435878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/busybox/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766363.229:15208970): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.229:15208970): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.229:15208970): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766363.229:15208970): cwd=\"/var/lib/docker/rootfs/overlayfs/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766363.229:15208970): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766363.229:15208970): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=435866 pid=435876 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766363.215:15208969): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63333930613733333562613864383136633131396462303336"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.215:15208969): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.215:15208969): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766363.215:15208969): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766363.215:15208969): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process712941532\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307/4c5eb0ece78e6ea7672331148a59c7e7a934676b173f53996a69fb963d58a4df.pid\" a14=\"c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766363.215:15208969): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b0590 a1=c000094b00 a2=c000095e00 a3=0 items=2 ppid=4250 pid=435866 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766363.097:15208968): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.097:15208968): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.097:15208968): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766363.097:15208968): cwd=\"/\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766363.097:15208968): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766363.097:15208968): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766363.097:15208968): arch=c000003e syscall=59 success=yes exit=0 a0=5fb31032da70 a1=5fb310220630 a2=5fb30ff98970 a3=7fc8fc101e70 items=2 ppid=435858 pid=435864 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766363.058:15208967): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.058:15208967): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.058:15208967): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.058:15208967): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766363.058:15208967): cwd=\"/\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766363.058:15208967): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766363.058:15208967): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766363.058:15208967): arch=c000003e syscall=59 success=yes exit=0 a0=580a67bc4678 a1=580a67bc45e0 a2=580a67bc4610 a3=8 items=3 ppid=435858 pid=435864 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766363.054:15208966): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.054:15208966): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.054:15208966): item=0 name=\"/bin/sh\" inode=5580787 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766363.054:15208966): cwd=\"/\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766363.054:15208966): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766363.054:15208966): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766363.054:15208966): arch=c000003e syscall=59 success=yes exit=0 a0=c000196eb0 a1=c000022680 a2=c000025260 a3=0 items=2 ppid=435846 pid=435858 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766363.010:15208965): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.010:15208965): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766363.010:15208965): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766363.010:15208965): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766363.010:15208965): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766363.010:15208965): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=435846 pid=435855 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.994:15208964): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.994:15208964): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.994:15208964): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.994:15208964): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.994:15208964): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3923867980\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/4fe25ad169323e4891fa9d8f308426e1b50d074f037d336e3c4920ff97c75ffc.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.994:15208964): arch=c000003e syscall=59 success=yes exit=0 a0=c000340d70 a1=c000384600 a2=c000384680 a3=0 items=2 ppid=4402 pid=435846 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.953:15208963): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.953:15208963): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.953:15208963): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.953:15208963): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.953:15208963): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.953:15208963): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.953:15208963): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d1350 a2=c0000d91c0 a3=0 items=2 ppid=435804 pid=435833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.952:15208962): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.952:15208962): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.952:15208962): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.952:15208962): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.952:15208962): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.952:15208962): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.952:15208962): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d3350 a2=c0000db1c0 a3=0 items=2 ppid=435805 pid=435835 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.902:15208961): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.902:15208961): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.902:15208961): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.902:15208961): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.902:15208961): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.902:15208961): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=435805 pid=435827 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.900:15208960): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.900:15208960): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.900:15208960): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.900:15208960): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.900:15208960): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.900:15208960): arch=c000003e syscall=59 success=yes exit=0 a0=c000173830 a1=c000177338 a2=c000179c40 a3=0 items=2 ppid=435804 pid=435821 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.886:15208959): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.886:15208959): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.886:15208959): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.886:15208959): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.886:15208959): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1442072014\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/9f5c0f3a7dc4b5c24539f8a9d1468df65460f884387d88ccfc46590f01bfa71d.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.886:15208959): arch=c000003e syscall=59 success=yes exit=0 a0=c0003fa250 a1=c0003c9380 a2=c0004e2000 a3=0 items=2 ppid=3759 pid=435805 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.885:15208958): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.885:15208958): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.885:15208958): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.885:15208958): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.885:15208958): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1893206378\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/578e0f50447612513fda2ae201f10c27ecf42c517d2eb66ae2c33d3acd376524.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.885:15208958): arch=c000003e syscall=59 success=yes exit=0 a0=c0004950d0 a1=c000490900 a2=c000490980 a3=0 items=2 ppid=2638 pid=435804 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.796:15208957): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.796:15208957): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.796:15208957): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.796:15208957): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.796:15208957): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.796:15208957): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.796:15208957): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c00014d1c0 a3=0 items=2 ppid=3571 pid=435797 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.755:15208956): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.755:15208956): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.755:15208956): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.755:15208956): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.755:15208956): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.755:15208956): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=435784 pid=435793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.741:15208955): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.741:15208955): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.741:15208955): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.741:15208955): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.741:15208955): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process426350565\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/4cff4dffebdcb2cc85853f95aad79a20138036a1a02fc8148cd927c29c295366.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.741:15208955): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b3d50 a1=c0000c9d00 a2=c0000c9d80 a3=0 items=2 ppid=3571 pid=435784 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.461:15208954): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.461:15208954): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.461:15208954): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.461:15208954): cwd=\"/\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.461:15208954): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.461:15208954): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.461:15208954): arch=c000003e syscall=59 success=yes exit=0 a0=7d58afbfe3f8 a1=7d58afbfe290 a2=7d58afbfe378 a3=0 items=2 ppid=435745 pid=435768 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.457:15208953): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.457:15208953): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.457:15208953): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.457:15208953): cwd=\"/\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.457:15208953): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.457:15208953): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.457:15208953): arch=c000003e syscall=59 success=yes exit=0 a0=79485232c278 a1=79485232c1d8 a2=79485232c1f8 a3=8080808080808080 items=2 ppid=3558 pid=435775 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.455:15208952): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.455:15208952): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.455:15208952): item=0 name=\"/bin/sh\" inode=8589166 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.455:15208952): cwd=\"/\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.455:15208952): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.455:15208952): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.455:15208952): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=435745 pid=435768 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.455:15208951): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.455:15208951): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.455:15208951): item=0 name=\"/bin/sh\" inode=8589166 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.455:15208951): cwd=\"/\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.455:15208951): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.455:15208951): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.455:15208951): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=435744 pid=435775 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.413:15208950): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.413:15208950): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.413:15208950): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.413:15208950): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.413:15208950): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.413:15208950): arch=c000003e syscall=59 success=yes exit=0 a0=c000114010 a1=c00011a000 a2=c00011c000 a3=0 items=2 ppid=435744 pid=435765 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.410:15208949): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.410:15208949): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.410:15208949): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.410:15208949): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.410:15208949): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.410:15208949): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=435745 pid=435760 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.394:15208948): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.394:15208948): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.394:15208948): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.394:15208948): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.394:15208948): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3608089213\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/8887c581a51c0b403ee8f213ccb4a6e1282222a6f1f77b4d943505ff86b8d91a.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.394:15208948): arch=c000003e syscall=59 success=yes exit=0 a0=c0002adee0 a1=c0004f8280 a2=c0004f8300 a3=0 items=2 ppid=3688 pid=435745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.392:15208947): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.392:15208947): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.392:15208947): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.392:15208947): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.392:15208947): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process829887951\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/5683331de46d0b7b0d13ee13640d92a9fa267e143b048abc1a110ec468e9acbb.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.392:15208947): arch=c000003e syscall=59 success=yes exit=0 a0=c000428c10 a1=c00035c700 a2=c00035c780 a3=0 items=2 ppid=3558 pid=435744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.308:15208946): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.308:15208946): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.308:15208946): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.308:15208946): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.308:15208946): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.308:15208946): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.308:15208946): arch=c000003e syscall=59 success=yes exit=0 a0=79bae3391408 a1=79bae33913b0 a2=79bae33913d8 a3=8080808080808080 items=2 ppid=435737 pid=435743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.305:15208945): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.305:15208945): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.305:15208945): item=0 name=\"/bin/sh\" inode=3454556 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.305:15208945): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.305:15208945): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.305:15208945): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.305:15208945): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8f58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=435723 pid=435737 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.252:15208944): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.252:15208944): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.252:15208944): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.252:15208944): cwd=\"/var/lib/docker/rootfs/overlayfs/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.252:15208944): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.252:15208944): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=435723 pid=435731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.251:15208943): proctitle=77676574002D71002D2D73706964657200687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.251:15208943): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3461249 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.251:15208943): item=0 name=\"/usr/bin/wget\" inode=3461048 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.251:15208943): cwd=\"/\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.251:15208943): argc=4 a0=\"wget\" a1=\"-q\" a2=\"--spider\" a3=\"http://127.0.0.1:80/v1/health\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.251:15208943): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.251:15208943): arch=c000003e syscall=59 success=yes exit=0 a0=7feb4487d400 a1=7feb4487d390 a2=7feb4487d3b8 a3=8 items=2 ppid=435717 pid=435729 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.248:15208942): proctitle=2F62696E2F7368002D630077676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468207C7C20657869742031"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.248:15208942): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3461249 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.248:15208942): item=0 name=\"/bin/sh\" inode=3461048 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.248:15208942): cwd=\"/\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.248:15208942): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468207C7C20657869742031"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.248:15208942): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.248:15208942): arch=c000003e syscall=59 success=yes exit=0 a0=c00018d088 a1=c000022aa0 a2=c0000db200 a3=0 items=2 ppid=435704 pid=435717 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.238:15208941): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39643939386566316561636233623037366361306461343235"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.238:15208941): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.238:15208941): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.238:15208941): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.238:15208941): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3863597727\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/78753602f58e1d90012c1abaaa3db9ea172df9bd026c2d8ac41434a21258a5da.pid\" a14=\"9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.238:15208941): arch=c000003e syscall=59 success=yes exit=0 a0=c000011980 a1=c0000f5280 a2=c0000f5300 a3=0 items=2 ppid=2253 pid=435723 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.205:15208940): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.205:15208940): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.205:15208940): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.205:15208940): cwd=\"/var/lib/docker/rootfs/overlayfs/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.205:15208940): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.205:15208940): arch=c000003e syscall=59 success=yes exit=0 a0=c0001fb830 a1=c0001ff338 a2=c000281c40 a3=0 items=2 ppid=435704 pid=435713 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.189:15208939): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393965303238373838386164653730643965326634613139"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.189:15208939): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.189:15208939): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.189:15208939): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.189:15208939): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1940129036\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416/0bad283a572ae24e0b310bb34c26d0502580a0cb159219d8ffb4deb40596da08.pid\" a14=\"999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.189:15208939): arch=c000003e syscall=59 success=yes exit=0 a0=c000364390 a1=c00016e100 a2=c00016e180 a3=0 items=2 ppid=2258 pid=435704 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.013:15208938): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.013:15208938): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.013:15208938): item=0 name=\"/bin/grep\" inode=6832538 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.013:15208938): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.013:15208938): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.013:15208938): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.013:15208938): arch=c000003e syscall=59 success=yes exit=0 a0=63dfbd04c758 a1=63dfa2e9e990 a2=63dfbd04c6e8 a3=8 items=2 ppid=435697 pid=435703 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766362.009:15208937): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.009:15208937): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766362.009:15208937): item=0 name=\"/bin/sh\" inode=6832457 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766362.009:15208937): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766362.009:15208937): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766362.009:15208937): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766362.009:15208937): arch=c000003e syscall=59 success=yes exit=0 a0=c00018aeb8 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=435684 pid=435697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766361.964:15208936): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766361.964:15208936): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766361.964:15208936): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766361.964:15208936): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766361.964:15208936): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766361.964:15208936): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c7890 a1=c0001cb350 a2=c0001cdc80 a3=0 items=2 ppid=435684 pid=435692 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766361.950:15208935): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766361.950:15208935): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766361.950:15208935): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766361.950:15208935): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766361.950:15208935): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3214442692\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/46d626134053df31a857111255c1244cef92581d32028c3067ff5da2b3874628.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-05-02T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766361.950:15208935): arch=c000003e syscall=59 success=yes exit=0 a0=c0000114c0 a1=c00044a180 a2=c00044a200 a3=0 items=2 ppid=4578 pid=435684 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.267:15208934): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.267:15208934): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.267:15208934): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.267:15208934): cwd=\"/\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.267:15208934): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766360.267:15208934): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.267:15208934): arch=c000003e syscall=59 success=yes exit=0 a0=7f1bbfb7c278 a1=7f1bbfb7c1d8 a2=7f1bbfb7c1f8 a3=8080808080808080 items=2 ppid=3626 pid=435669 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.265:15208933): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.265:15208933): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.265:15208933): item=0 name=\"/bin/sh\" inode=8589166 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.265:15208933): cwd=\"/\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.265:15208933): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766360.265:15208933): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.265:15208933): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=435657 pid=435669 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.250:15208932): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.250:15208932): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.250:15208932): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.250:15208932): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.250:15208932): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766360.250:15208932): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.250:15208932): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=435679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.250:15208931): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.250:15208931): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.250:15208931): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.250:15208931): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.250:15208930): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.250:15208930): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.250:15208930): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.250:15208930): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.250:15208929): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.250:15208929): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.250:15208929): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.250:15208929): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.250:15208928): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.250:15208928): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.250:15208928): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.250:15208928): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.250:15208927): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.250:15208927): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.250:15208927): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.250:15208927): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.250:15208926): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.250:15208926): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.250:15208926): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.250:15208926): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73117a0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.247:15208925): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.247:15208925): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.247:15208925): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.247:15208925): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.247:15208925): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766360.247:15208925): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.247:15208925): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b7311780 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=435678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.247:15208924): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.247:15208924): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.247:15208924): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.247:15208924): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311780 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.247:15208923): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.247:15208923): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.247:15208923): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.247:15208923): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311780 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.247:15208922): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.247:15208922): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.247:15208922): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.247:15208922): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311780 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.246:15208921): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.246:15208921): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.246:15208921): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.246:15208921): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311780 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.246:15208920): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.246:15208920): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.246:15208920): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.246:15208920): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311780 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.246:15208919): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.246:15208919): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.246:15208919): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.246:15208919): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b7311780 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.243:15208918): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.243:15208918): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.243:15208918): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.243:15208918): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.243:15208918): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766360.243:15208918): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.243:15208918): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660c022d9c0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=435677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.243:15208917): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.243:15208917): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.243:15208917): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.243:15208917): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022d9c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.243:15208916): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.243:15208916): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.243:15208916): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.243:15208916): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022d9c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.243:15208915): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.243:15208915): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.243:15208915): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.243:15208915): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022d9c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.243:15208914): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.243:15208914): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.243:15208914): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.243:15208914): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022d9c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.243:15208913): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.243:15208913): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.243:15208913): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.243:15208913): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022d9c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.243:15208912): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.243:15208912): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.243:15208912): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.243:15208912): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c022d9c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.234:15208911): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.234:15208911): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.234:15208911): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.234:15208911): cwd=\"/\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.234:15208911): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766360.234:15208911): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.234:15208911): arch=c000003e syscall=59 success=yes exit=0 a0=76f8119a93f8 a1=76f8119a9278 a2=76f8119a9378 a3=0 items=2 ppid=3652 pid=435651 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.230:15208910): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.230:15208910): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.230:15208910): item=0 name=\"/bin/sh\" inode=3454556 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.230:15208910): cwd=\"/\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.230:15208910): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766360.230:15208910): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.230:15208910): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fef38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=435638 pid=435651 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.216:15208909): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.216:15208909): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.216:15208909): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.216:15208909): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.216:15208909): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.216:15208909): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=435657 pid=435667 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.200:15208908): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.200:15208908): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.200:15208908): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.200:15208908): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.200:15208908): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4173387933\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/9e23d920e9cccd93815294dfdadaefcce7dcd56f51bdfd72c114b03a5cd86668.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.200:15208908): arch=c000003e syscall=59 success=yes exit=0 a0=c0004ad370 a1=c000103b00 a2=c000103b80 a3=0 items=2 ppid=3626 pid=435657 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.181:15208907): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.181:15208907): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.181:15208907): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.181:15208907): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.181:15208907): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.181:15208907): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=435638 pid=435647 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.168:15208906): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.168:15208906): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.168:15208906): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.168:15208906): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.168:15208906): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process759103289\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/4e6f4a4632b4b8d2863ccb202e611e63baac073fc467d266af6866e87c6cc01a.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.168:15208906): arch=c000003e syscall=59 success=yes exit=0 a0=c000514490 a1=c0004f4000 a2=c0004f4080 a3=0 items=2 ppid=3652 pid=435638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.001:15208905): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.001:15208905): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.001:15208905): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.001:15208905): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766360.001:15208905): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766360.001:15208905): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.001:15208905): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=435637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.001:15208904): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.001:15208904): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.001:15208904): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.001:15208904): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.001:15208903): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.001:15208903): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.001:15208903): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.001:15208903): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.001:15208902): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.001:15208902): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.001:15208902): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.001:15208902): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.001:15208901): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.001:15208901): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.001:15208901): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.001:15208901): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.001:15208900): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.001:15208900): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.001:15208900): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.001:15208900): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766360.001:15208899): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766360.001:15208899): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766360.001:15208899): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766360.001:15208899): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf6127a0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.997:15208898): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.997:15208898): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.997:15208898): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.997:15208898): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.997:15208898): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766359.997:15208898): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.997:15208898): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=435636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.997:15208897): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.997:15208897): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.997:15208897): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.997:15208897): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.997:15208896): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.997:15208896): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.997:15208896): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.997:15208896): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.997:15208895): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.997:15208895): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.997:15208895): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.997:15208895): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.997:15208894): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.997:15208894): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.997:15208894): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.997:15208894): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.997:15208893): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.997:15208893): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.997:15208893): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.997:15208893): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.997:15208892): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.997:15208892): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.997:15208892): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.997:15208892): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.992:15208891): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.992:15208891): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.992:15208891): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.992:15208891): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.992:15208891): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766359.992:15208891): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.992:15208891): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=435635 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.992:15208890): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.992:15208890): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.992:15208890): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.992:15208890): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435635 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.992:15208889): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.992:15208889): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.992:15208889): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.992:15208889): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435635 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.992:15208888): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.992:15208888): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.992:15208888): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.992:15208888): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435635 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.992:15208887): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.992:15208887): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.992:15208887): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.992:15208887): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435635 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.992:15208886): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.992:15208886): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.992:15208886): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.992:15208886): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435635 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.991:15208885): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.991:15208885): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.991:15208885): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.991:15208885): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612760 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435635 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.294:15208884): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.294:15208884): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.294:15208884): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.294:15208884): cwd=\"/\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.294:15208884): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766359.294:15208884): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.294:15208884): arch=c000003e syscall=59 success=yes exit=0 a0=708940600288 a1=7089406001e8 a2=708940600208 a3=0 items=2 ppid=3223 pid=435627 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.290:15208883): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.290:15208883): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.290:15208883): item=0 name=\"/bin/sh\" inode=8589166 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.290:15208883): cwd=\"/\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.290:15208883): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766359.290:15208883): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.290:15208883): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fef38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=435600 pid=435627 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.290:15208882): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.290:15208882): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.290:15208882): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.290:15208882): cwd=\"/\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.290:15208882): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766359.290:15208882): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.290:15208882): arch=c000003e syscall=59 success=yes exit=0 a0=70b1ab366288 a1=70b1ab3661e8 a2=70b1ab366208 a3=0 items=2 ppid=3630 pid=435613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.287:15208881): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.287:15208881): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.287:15208881): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.287:15208881): cwd=\"/\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.287:15208881): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766359.287:15208881): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.287:15208881): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f78 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=435594 pid=435613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.254:15208880): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.254:15208880): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.254:15208880): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:175 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.254:15208880): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.254:15208880): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.254:15208880): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=435600 pid=435621 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.242:15208879): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.242:15208879): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.242:15208879): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.242:15208879): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.242:15208879): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.242:15208879): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=435594 pid=435604 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.236:15208878): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.236:15208878): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.236:15208878): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.236:15208878): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.236:15208878): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3674288433\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/0a5d38c7182e110d89e425f01d3f5ba027867357513ebd47ccf199cb5992f852.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.236:15208878): arch=c000003e syscall=59 success=yes exit=0 a0=c000401ca0 a1=c000199180 a2=c000199200 a3=0 items=2 ppid=3223 pid=435600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.227:15208877): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.227:15208877): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.227:15208877): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.227:15208877): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.227:15208877): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1731272015\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/35a116ec699303c5edf4b71acdebca5e93e891e1c13e3914a82ad126edce7d06.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.227:15208877): arch=c000003e syscall=59 success=yes exit=0 a0=c000480540 a1=c0000fec80 a2=c0002bdb80 a3=0 items=2 ppid=3630 pid=435594 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.069:15208876): proctitle=6C73002F"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.069:15208876): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6952479 dev=00:91 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.069:15208876): item=0 name=\"/usr/bin/ls\" inode=6837222 dev=00:91 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.069:15208876): cwd=\"/project\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.069:15208876): argc=2 a0=\"ls\" a1=\"/\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766359.069:15208876): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.069:15208876): arch=c000003e syscall=59 success=yes exit=0 a0=5dbbaddb96f0 a1=5dbb8b4ab990 a2=5dbbaddb9698 a3=8 items=2 ppid=435587 pid=435593 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ls\" exe=\"/usr/bin/ls\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.065:15208875): proctitle=2F62696E2F7368002D63006C73202F203E202F6465762F6E756C6C207C7C20657869742031"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.065:15208875): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6952479 dev=00:91 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.065:15208875): item=0 name=\"/bin/sh\" inode=6834806 dev=00:91 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.065:15208875): cwd=\"/project\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.065:15208875): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6C73202F203E202F6465762F6E756C6C207C7C20657869742031"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766359.065:15208875): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.065:15208875): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae78 a1=c000022aa0 a2=c00013a320 a3=0 items=2 ppid=435574 pid=435587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766359.013:15208874): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.013:15208874): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766359.013:15208874): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766359.013:15208874): cwd=\"/var/lib/docker/rootfs/overlayfs/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766359.013:15208874): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766359.013:15208874): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=435574 pid=435585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.999:15208873): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.999:15208873): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.999:15208873): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.999:15208873): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.999:15208873): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766358.999:15208873): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.999:15208873): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=435575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.999:15208872): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.999:15208872): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.999:15208872): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.999:15208872): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.999:15208871): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.999:15208871): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.999:15208871): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.999:15208871): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.999:15208870): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.999:15208870): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.999:15208870): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.999:15208870): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.999:15208869): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.999:15208869): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.999:15208869): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.999:15208869): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.999:15208868): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.999:15208868): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.999:15208868): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.999:15208868): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.999:15208867): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.999:15208867): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.999:15208867): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.999:15208867): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2464000c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.995:15208866): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208866): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208866): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.995:15208866): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.995:15208866): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766358.995:15208866): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.995:15208866): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246000600 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=435573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.995:15208865): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61616663333331386632613266646466663164613565336339"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208865): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208865): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.995:15208865): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.995:15208865): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3259686259\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d/4fb3a1e22f02dd55cf1fa06f054816d83efcfd0a8c91ea6fc9722bc2ac5c9214.pid\" a14=\"aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.995:15208865): arch=c000003e syscall=59 success=yes exit=0 a0=c000010960 a1=c000373d80 a2=c000373e00 a3=0 items=2 ppid=4396 pid=435574 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.995:15208864): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208864): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.995:15208864): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.995:15208864): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000600 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.995:15208863): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208863): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.995:15208863): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.995:15208863): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000600 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.995:15208862): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208862): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.995:15208862): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.995:15208862): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000600 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.995:15208861): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208861): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.995:15208861): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.995:15208861): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000600 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.995:15208860): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208860): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.995:15208860): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.995:15208860): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000600 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.995:15208859): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.995:15208859): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.995:15208859): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.995:15208859): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000600 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.991:15208858): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.991:15208858): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.991:15208858): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.991:15208858): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.991:15208858): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766358.991:15208858): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.991:15208858): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246800220 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=435572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.991:15208857): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.991:15208857): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.991:15208857): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.991:15208857): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800220 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.991:15208856): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.991:15208856): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.991:15208856): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.991:15208856): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800220 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.991:15208855): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.991:15208855): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.991:15208855): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.991:15208855): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800220 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.991:15208854): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.991:15208854): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.991:15208854): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.991:15208854): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800220 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.991:15208853): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.991:15208853): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.991:15208853): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.991:15208853): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800220 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.991:15208852): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.991:15208852): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.991:15208852): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.991:15208852): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246800220 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.764:15208851): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.764:15208851): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.764:15208851): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.764:15208851): cwd=\"/\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.764:15208851): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766358.764:15208851): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.764:15208851): arch=c000003e syscall=59 success=yes exit=0 a0=7d8491b2b288 a1=7d8491b2b1e8 a2=7d8491b2b208 a3=0 items=2 ppid=4000 pid=435564 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.761:15208850): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.761:15208850): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.761:15208850): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.761:15208850): cwd=\"/\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.761:15208850): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766358.761:15208850): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.761:15208850): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=435552 pid=435564 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.708:15208849): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.708:15208849): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.708:15208849): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.708:15208849): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.708:15208849): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.708:15208849): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=435552 pid=435561 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.693:15208848): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.693:15208848): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.693:15208848): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.693:15208848): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.693:15208848): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1981053435\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/9be591e10a1b2d2aba7fc343db3d5cb577a75bf9618a52ab2cedb245572cef12.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.693:15208848): arch=c000003e syscall=59 success=yes exit=0 a0=c000334c20 a1=c000308980 a2=c000308a00 a3=0 items=2 ppid=4000 pid=435552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.472:15208847): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.472:15208847): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.472:15208847): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.472:15208847): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.472:15208847): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766358.472:15208847): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.472:15208847): arch=c000003e syscall=59 success=yes exit=0 a0=5bd05a9a09a0 a1=5bd05a9a1280 a2=5bd05a99d300 a3=8 items=2 ppid=435548 pid=435550 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.472:15208846): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.472:15208846): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.472:15208846): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.472:15208846): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.472:15208846): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766358.472:15208846): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.472:15208846): arch=c000003e syscall=59 success=yes exit=0 a0=5bd05a9a09d0 a1=5bd05a9a12b0 a2=5bd05a99d300 a3=8 items=2 ppid=435548 pid=435549 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.464:15208845): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.464:15208845): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.464:15208845): item=1 name=\"/bin/bash\" inode=6954383 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.464:15208845): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.464:15208845): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.464:15208845): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766358.464:15208845): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.464:15208845): arch=c000003e syscall=59 success=yes exit=0 a0=c000027350 a1=c00002a7e0 a2=c0001ae000 a3=0 items=3 ppid=435530 pid=435542 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.416:15208844): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.416:15208844): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.416:15208844): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.416:15208844): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.416:15208844): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.416:15208844): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=435530 pid=435539 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.402:15208843): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.402:15208843): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.402:15208843): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.402:15208843): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.402:15208843): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2174566397\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/c70ce04b9d1b3d1040684ca87be45699dad4cb939f34153692b01f395a1cd5cf.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.402:15208843): arch=c000003e syscall=59 success=yes exit=0 a0=c00039d0d0 a1=c00033e180 a2=c00033e200 a3=0 items=2 ppid=4295 pid=435530 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.153:15208842): proctitle=77676574002D2D737069646572002D2D717569657400687474703A2F2F6C6F63616C686F73743A39303030"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.153:15208842): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6690187 dev=00:3e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.153:15208842): item=0 name=\"/usr/bin/wget\" inode=6689540 dev=00:3e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.153:15208842): cwd=\"/\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.153:15208842): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"--quiet\" a3=\"http://localhost:9000\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.153:15208842): arch=c000003e syscall=59 success=yes exit=0 a0=c00016be70 a1=c000165560 a2=c0000224e0 a3=0 items=2 ppid=435511 pid=435524 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.134:15208841): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.134:15208841): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.134:15208841): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.134:15208841): cwd=\"/var/lib/docker/rootfs/overlayfs/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.134:15208841): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.134:15208841): arch=c000003e syscall=59 success=yes exit=0 a0=c000173b30 a1=c0000a7038 a2=c000095c00 a3=0 items=2 ppid=435511 pid=435521 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766358.120:15208840): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30386566386532663236353361373935623439663963333164"}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.120:15208840): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766358.120:15208840): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766358.120:15208840): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766358.120:15208840): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2774652143\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610/0ffed9db5811f34edd96fd61636723a36784caf556efb3f548ee2eb0a6bac5c4.pid\" a14=\"08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-05-02T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766358.120:15208840): arch=c000003e syscall=59 success=yes exit=0 a0=c0002a2d40 a1=c00023e000 a2=c00023f880 a3=0 items=2 ppid=3063 pid=435511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766357.820:15208839): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.820:15208839): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.820:15208839): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766357.820:15208839): cwd=\"/\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766357.820:15208839): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766357.820:15208839): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766357.820:15208839): arch=c000003e syscall=59 success=yes exit=0 a0=5c4480a87990 a1=5c4480aa99c0 a2=5c4480a88860 a3=8 items=2 ppid=435503 pid=435510 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766357.806:15208838): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.806:15208838): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.806:15208838): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766357.806:15208838): cwd=\"/\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766357.806:15208838): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766357.806:15208838): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766357.806:15208838): arch=c000003e syscall=59 success=yes exit=0 a0=5c4480a87fe0 a1=5c4480aa9810 a2=5c4480a884a0 a3=8 items=2 ppid=435503 pid=435509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766357.796:15208837): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.796:15208837): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.796:15208837): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.796:15208837): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766357.796:15208837): cwd=\"/\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766357.796:15208837): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766357.796:15208837): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766357.796:15208837): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c000156320 a3=0 items=3 ppid=435491 pid=435503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766357.754:15208836): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.754:15208836): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.754:15208836): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766357.754:15208836): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766357.754:15208836): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766357.754:15208836): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=435491 pid=435501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766357.741:15208835): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.741:15208835): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766357.741:15208835): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766357.741:15208835): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766357.741:15208835): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3852917360\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/f35dcf7cce7ada77a51af1e20dde680711ae982d4c363ffdc6886d85bfd34e9f.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-05-02T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766357.741:15208835): arch=c000003e syscall=59 success=yes exit=0 a0=c0003b2ce0 a1=c0000ffa00 a2=c0000ffa80 a3=0 items=2 ppid=4475 pid=435491 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766356.479:15208834): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.479:15208834): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.479:15208834): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766356.479:15208834): cwd=\"/\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766356.479:15208834): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766356.479:15208834): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766356.479:15208834): arch=c000003e syscall=59 success=yes exit=0 a0=5d834a0b34f0 a1=5d834a0b1d30 a2=5d8349de1970 a3=7b9c7b7f9e70 items=2 ppid=435481 pid=435487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766356.440:15208833): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.440:15208833): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.440:15208833): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.440:15208833): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766356.440:15208833): cwd=\"/\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766356.440:15208833): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766356.440:15208833): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766356.440:15208833): arch=c000003e syscall=59 success=yes exit=0 a0=5dbcd0f20640 a1=5dbcaaa1a9a8 a2=5dbcd0f205d8 a3=8 items=3 ppid=435481 pid=435487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766356.436:15208832): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.436:15208832): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.436:15208832): item=0 name=\"/bin/sh\" inode=6954646 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766356.436:15208832): cwd=\"/\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766356.436:15208832): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766356.436:15208832): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766356.436:15208832): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=435468 pid=435481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766356.385:15208831): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.385:15208831): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.385:15208831): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766356.385:15208831): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766356.385:15208831): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766356.385:15208831): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=435468 pid=435478 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766356.371:15208830): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.371:15208830): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766356.371:15208830): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766356.371:15208830): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766356.371:15208830): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2758218960\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/53d474a61edf4c6c2cadd8e16de4f5eedd906e66cda47991ce8432ff7064cfb3.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-05-02T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766356.371:15208830): arch=c000003e syscall=59 success=yes exit=0 a0=c000371880 a1=c0003f4400 a2=c0003f4480 a3=0 items=2 ppid=4084 pid=435468 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766355.785:15208829): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6865616C74687A"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.785:15208829): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.785:15208829): item=0 name=\"/usr/bin/curl\" inode=8530521 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766355.785:15208829): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766355.785:15208829): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/healthz\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766355.785:15208829): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766355.785:15208829): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af50 a1=c000022ac0 a2=c000170a20 a3=0 items=2 ppid=435448 pid=435460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766355.737:15208828): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.737:15208828): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.737:15208828): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766355.737:15208828): cwd=\"/var/lib/docker/rootfs/overlayfs/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766355.737:15208828): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766355.737:15208828): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=435448 pid=435457 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766355.723:15208827): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F38356235343563353034636436343865393665363262346261"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.723:15208827): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.723:15208827): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766355.723:15208827): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766355.723:15208827): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3570922845\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/a9825ec4e510db81ae21d7a6c009e4ee4b1d146324a8ed9ffb6ed85b22a61fe0.pid\" a14=\"85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766355.723:15208827): arch=c000003e syscall=59 success=yes exit=0 a0=c0000c71b0 a1=c000370200 a2=c000370280 a3=0 items=2 ppid=4472 pid=435448 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766355.414:15208826): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.414:15208826): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.414:15208826): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766355.414:15208826): cwd=\"/var/lib/docker/rootfs/overlayfs/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766355.414:15208826): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766355.414:15208826): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5860 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=435427 pid=435437 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766355.400:15208825): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62353339633364623934343237646233386532663230356531"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.400:15208825): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.400:15208825): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766355.400:15208825): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766355.400:15208825): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1668986003\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/f5cab96269d7b0a6dc47e9c0a1c4573ffb67991773d516c03cf167989f91b95f.pid\" a14=\"b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766355.400:15208825): arch=c000003e syscall=59 success=yes exit=0 a0=c000241800 a1=c0002d3680 a2=c0002d3700 a3=0 items=2 ppid=3764 pid=435427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766355.038:15208824): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.038:15208824): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.038:15208824): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766355.038:15208824): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766355.038:15208824): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766355.038:15208824): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766355.038:15208824): arch=c000003e syscall=59 success=yes exit=0 a0=7472dc5ef408 a1=7472dc5ef3b0 a2=7472dc5ef3d8 a3=8080808080808080 items=2 ppid=435420 pid=435426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766355.035:15208823): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.035:15208823): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766355.035:15208823): item=0 name=\"/bin/sh\" inode=3454556 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766355.035:15208823): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766355.035:15208823): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766355.035:15208823): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766355.035:15208823): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf28 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=2257 pid=435420 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.994:15208822): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.994:15208822): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.994:15208822): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.994:15208822): cwd=\"/var/lib/docker/rootfs/overlayfs/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.994:15208822): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.994:15208822): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=435408 pid=435417 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.980:15208821): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64633538346163663333396230646430326131353439386234"}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.980:15208821): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.980:15208821): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.980:15208821): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.980:15208821): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2520303871\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/e5105d33370ac85d68bce186e0f135ce72a7384479ac70f2831bf3f96b3fc590.pid\" a14=\"dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-05-02T23:59:15Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.980:15208821): arch=c000003e syscall=59 success=yes exit=0 a0=c000010eb0 a1=c000233900 a2=c000233980 a3=0 items=2 ppid=2257 pid=435408 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.381:15208820): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.381:15208820): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.381:15208820): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.381:15208820): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.381:15208820): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766354.381:15208820): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.381:15208820): arch=c000003e syscall=59 success=yes exit=0 a0=5d17699c3c68 a1=5d17699c38f8 a2=5d17699c3ba8 a3=8 items=2 ppid=435388 pid=435394 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.377:15208819): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.377:15208819): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.377:15208819): item=0 name=\"/bin/sh\" inode=6832457 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.377:15208819): cwd=\"/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.377:15208819): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766354.377:15208819): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.377:15208819): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf08 a1=c000022680 a2=c00013c240 a3=0 items=2 ppid=4094 pid=435388 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.335:15208818): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.335:15208818): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.335:15208818): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.335:15208818): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.335:15208818): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.335:15208818): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3860 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=435376 pid=435385 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.321:15208817): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.321:15208817): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.321:15208817): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.321:15208817): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.321:15208817): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3429622876\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/6267061b61cc79dd8c64d68339d671f3a237a591a13516ef65bdd38c865520cc.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.321:15208817): arch=c000003e syscall=59 success=yes exit=0 a0=c000375440 a1=c0002e4580 a2=c0002e4600 a3=0 items=2 ppid=4094 pid=435376 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.210:15208816): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.210:15208816): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.210:15208816): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.210:15208816): cwd=\"/data\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.210:15208816): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766354.210:15208816): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.210:15208816): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d7350 a2=c0000df1c0 a3=0 items=2 ppid=435355 pid=435367 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.186:15208815): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.186:15208815): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.186:15208815): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.186:15208815): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.186:15208815): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766354.186:15208815): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.186:15208815): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b73114c0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=435375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.186:15208814): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.186:15208814): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.186:15208814): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.186:15208814): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.186:15208813): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.186:15208813): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.186:15208813): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.186:15208813): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.186:15208812): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.186:15208812): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.186:15208812): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.186:15208812): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.186:15208811): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.186:15208811): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.186:15208811): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.186:15208811): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.186:15208810): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.186:15208810): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.186:15208810): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.186:15208810): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.185:15208809): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.185:15208809): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.185:15208809): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.185:15208809): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73114c0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.183:15208808): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.183:15208808): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.183:15208808): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.183:15208808): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.183:15208808): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766354.183:15208808): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.183:15208808): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660b73116e0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=435374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.183:15208807): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.183:15208807): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.183:15208807): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.183:15208807): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73116e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.183:15208806): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.183:15208806): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.183:15208806): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.183:15208806): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73116e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.182:15208805): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.182:15208805): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.182:15208805): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.182:15208805): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73116e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.182:15208804): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.182:15208804): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.182:15208804): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.182:15208804): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73116e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.182:15208803): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.182:15208803): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.182:15208803): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.182:15208803): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73116e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.182:15208802): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.182:15208802): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.182:15208802): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.182:15208802): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660b73116e0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.179:15208801): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.179:15208801): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.179:15208801): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.179:15208801): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.179:15208801): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766354.179:15208801): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.179:15208801): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=435373 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.179:15208800): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.179:15208800): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.179:15208800): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.179:15208800): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435373 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.179:15208799): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.179:15208799): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.179:15208799): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.179:15208799): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435373 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.179:15208798): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.179:15208798): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.179:15208798): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.179:15208798): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435373 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.179:15208797): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.179:15208797): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.179:15208797): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.179:15208797): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435373 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.179:15208796): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.179:15208796): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.179:15208796): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.179:15208796): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435373 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.179:15208795): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.179:15208795): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.179:15208795): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.179:15208795): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc09d20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=435373 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.154:15208794): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.154:15208794): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.154:15208794): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.154:15208794): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.154:15208794): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.154:15208794): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000201c00 a3=0 items=2 ppid=435355 pid=435364 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766354.139:15208793): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.139:15208793): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766354.139:15208793): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766354.139:15208793): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766354.139:15208793): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1574701519\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/8298ebac92e74bfcd2eb9bb9e5a85dfa0cc02c7c0fae9a6b87188906eadb66e9.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766354.139:15208793): arch=c000003e syscall=59 success=yes exit=0 a0=c000404120 a1=c0001b3d80 a2=c0001b3e00 a3=0 items=2 ppid=2767 pid=435355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.933:15208792): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.933:15208792): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.933:15208792): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.933:15208792): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766353.933:15208792): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766353.933:15208792): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.933:15208792): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=435354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.933:15208791): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.933:15208791): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.933:15208791): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.933:15208791): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.933:15208790): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.933:15208790): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.933:15208790): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.933:15208790): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.933:15208789): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.933:15208789): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.933:15208789): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.933:15208789): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.933:15208788): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.933:15208788): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.933:15208788): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.933:15208788): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.933:15208787): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.933:15208787): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.933:15208787): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.933:15208787): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.933:15208786): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.933:15208786): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.933:15208786): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.933:15208786): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612680 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.930:15208785): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.930:15208785): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.930:15208785): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.930:15208785): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766353.930:15208785): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766353.930:15208785): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.930:15208785): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=435353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.930:15208784): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.930:15208784): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.930:15208784): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.930:15208784): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.930:15208783): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.930:15208783): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.930:15208783): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.930:15208783): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.930:15208782): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.930:15208782): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.930:15208782): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.930:15208782): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.930:15208781): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.930:15208781): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.930:15208781): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.930:15208781): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.930:15208780): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.930:15208780): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.930:15208780): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.930:15208780): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.930:15208779): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.930:15208779): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.930:15208779): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.930:15208779): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612720 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.927:15208778): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.927:15208778): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.927:15208778): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.927:15208778): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766353.927:15208778): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766353.927:15208778): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.927:15208778): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faecf612780 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=435352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.927:15208777): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.927:15208777): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.927:15208777): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.927:15208777): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612780 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.927:15208776): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.927:15208776): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.927:15208776): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.927:15208776): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612780 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.927:15208775): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.927:15208775): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.927:15208775): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.927:15208775): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612780 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.927:15208774): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.927:15208774): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.927:15208774): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.927:15208774): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612780 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.926:15208773): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.926:15208773): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.926:15208773): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.926:15208773): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612780 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766353.926:15208772): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766353.926:15208772): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766353.926:15208772): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766353.926:15208772): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faecf612780 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=435352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.972:15208771): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.972:15208771): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.972:15208771): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.972:15208771): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766352.972:15208771): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766352.972:15208771): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.972:15208771): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=435339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.972:15208770): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.972:15208770): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.972:15208770): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.972:15208770): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.972:15208769): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.972:15208769): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.972:15208769): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.972:15208769): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.972:15208768): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.972:15208768): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.972:15208768): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.972:15208768): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.972:15208767): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.972:15208767): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.972:15208767): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.972:15208767): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.972:15208766): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.972:15208766): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.972:15208766): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.972:15208766): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.971:15208765): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.971:15208765): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.971:15208765): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.971:15208765): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f9c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.970:15208764): proctitle=72756E6300696E6974"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.970:15208764): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.970:15208764): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:9a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.970:15208764): cwd=\"/var/lib/docker/rootfs/overlayfs/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766352.970:15208764): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.970:15208764): arch=c000003e syscall=59 success=yes exit=0 a0=c000310010 a1=c000316000 a2=c000318000 a3=0 items=2 ppid=435326 pid=435338 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.969:15208763): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.969:15208763): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.969:15208763): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.969:15208763): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777766352.969:15208763): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777766352.969:15208763): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.969:15208763): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=435336 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.969:15208762): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.969:15208762): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.969:15208762): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.969:15208762): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435336 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.969:15208761): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.969:15208761): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.969:15208761): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.969:15208761): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435336 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.969:15208760): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.969:15208760): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.969:15208760): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.969:15208760): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435336 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.969:15208759): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.969:15208759): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.969:15208759): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.969:15208759): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435336 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777766352.969:15208758): proctitle=\"windmill\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777766352.969:15208758): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777766352.969:15208758): cwd=\"/usr/src/app\""}
{"ts": "2026-05-02T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777766352.969:15208758): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f420 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=435336 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}