pyplugins.loggers.exec_logger module
Exec Logger Plugin
This plugin records process execution (exec) events to the penguin database. It subscribes to exec_event
events published by the execs plugin, extracts relevant execution details, and stores them as Exec events
in the database.
Purpose
- Monitors process execution events in the guest.
- Records argument vectors, environment, and process credentials for each exec event.
- Enables later analysis of process launches and their context.
Usage
Simply add this plugin by name to your config.
The plugin extracts relevant fields and stores them in the database using the Exec event type.
- class pyplugins.loggers.exec_logger.ExecLog
Bases: Plugin
Plugin for logging process execution (exec) events to the database.
Subscribes to exec_event events from the execs plugin and records them as Exec events.
- on_exec_event(event)
Callback for handling exec_event events.
Parameters:
- event (dict or Wrapper): The exec event data, either as a dictionary or a Wrapper object.
Extracts argument count, argument vector, environment, and process credentials, then records the event in the database as an Exec event.
Returns: None
Return type: None
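The flow that on_exec_event describes (accept a dict or an attribute-style event, extract argc, argv, environment and credentials, store a row, query it later), as an added example that is not penguin's own code. The field names, the Wrapper stand-in, the SQLite table and the review() checks are all assumptions made for illustration.

```python
import json
import sqlite3

class Wrapper:
    """Hypothetical attribute-style event object (stand-in, not penguin's class)."""
    def __init__(self, **fields):
        self.__dict__.update(fields)

def field(event, name, default=None):
    """Read one field from a dict event or an attribute-style event."""
    if isinstance(event, dict):
        return event.get(name, default)
    return getattr(event, name, default)

def open_db():
    """In-memory SQLite table standing in for the Exec event type."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE exec (id INTEGER PRIMARY KEY, argc INTEGER, argv TEXT,"
               " envp TEXT, uid INTEGER, gid INTEGER, euid INTEGER, egid INTEGER)")
    return db

def on_exec_event(db, event):
    """Extract argc, argv, environment and credentials, then store one row."""
    argv = list(field(event, "argv") or [])
    envp = dict(field(event, "envp") or {})
    creds = [field(event, k) for k in ("uid", "gid", "euid", "egid")]
    db.execute("INSERT INTO exec (argc, argv, envp, uid, gid, euid, egid)"
               " VALUES (?, ?, ?, ?, ?, ?, ?)",
               [field(event, "argc", len(argv)), json.dumps(argv),
                json.dumps(envp, sort_keys=True), *creds])

def review(db):
    """Later analysis: execs with euid 0 from a non-root uid, or with LD_PRELOAD set."""
    hits = []
    rows = db.execute("SELECT argv, envp, uid, euid FROM exec ORDER BY id")
    for argv, envp, uid, euid in rows:
        args, reasons = json.loads(argv), []
        if euid == 0 and uid not in (0, None):
            reasons.append("euid0")
        if "LD_PRELOAD" in json.loads(envp):
            reasons.append("ld_preload")
        if reasons:
            hits.append((args[0] if args else "", reasons))
    return hits

# Constructed sample events; every field name here is an assumption.
SAMPLE_EVENTS = [
    {"argc": 2, "argv": ["/bin/sh", "/etc/init.d/rcS"], "envp": {"PATH": "/sbin:/bin"},
     "uid": 0, "gid": 0, "euid": 0, "egid": 0},
    Wrapper(argc=1, argv=["/usr/bin/passwd"], envp={"PATH": "/bin"},
            uid=1000, gid=1000, euid=0, egid=1000),
    {"argv": ["/usr/sbin/httpd", "-f"], "envp": {"LD_PRELOAD": "/lib/libhook.so"},
     "uid": 0, "gid": 0, "euid": 0, "egid": 0},
]
```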