On 15/04/2021 00:33, home user wrote:
I tried that using "ps -ef | grep [pid]". The only hit was
the ps command itself.
It is not clear to me that you did this immediately after getting the alert.
According to the ausearch_out the PID is different at each instance of an alert. So, it
is possible that
whatever process produced the alert has exited or died after the series of alerts.
--
Remind me to ignore comments which aren't germane to the thread.