0.1.87

Bug Fixes

• Many minor bugfixes

New and Updated Features

• --fatfile option: When writing in fatfile mode, the output file will contain events that will be invisible when reading the file, but that are necessary to fully reconstruct the state

New and Updated Chisels

• lsof: This chisel prints the open file descriptors for every process in the system, with an output that is very similar to the one of lsof
• around: Given a filter on the command line, this chisel saves the events that are in a time range around filter matches
• spy_logs: This chisel intercepts all the writes to files containing .log or _log in their name, and pretty prints them
• spy_syslog (was echo_syslog): Print every message written to syslog

New and Updated filter fields

• evt.info: for most events, this field returns the same value as evt.args. However, for some events (like writes to /dev/log) it provides higher level information coming from decoding the arguments
• evt.around: accepts the event if it's around the specified time interval
• evt.is_syslog: true for events that are writes to /dev/log
• syslog.facility.str: facility as a string
• syslog.facility: facility as a number (0-23)
• syslog.severity.str: severity as a string
• syslog.severity: severity as a number (0-7)
• syslog.message: message sent to syslog

New and Updated events

• ptrace