Hi,
I'm looking for a way to add the traced process metadata for ptrace events on Linux. This could be done using the add_process_metadata processor and the PID (second argument of the ptrace syscall). However, auditd.data.aX fields are not prefixed with "0x" even though they are stored as hex values. This causes the convert processor to fail.
Could you point me towards the relevant file in Auditbeat's code so that I can try to quickly fix my problem? I'm still a bit unfamiliar with the beat's code organization.
Thank you for your time
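
One way to handle the unprefixed hex values without patching Auditbeat, added here as an example that is not part of the original post or of Auditbeat's code: a function meant to be called from the `process(event)` entry point of the Beats `script` processor, which parses `auditd.data.a1` into an integer PID. The target field `auditd.data.traced_pid`, the `makeEvent` stand-in and the sample values are assumptions constructed for illustration, as is the expectation that `auditd.data.syscall` carries the resolved name `ptrace`.

```javascript
// Added example (not Auditbeat code). auditd.data.traced_pid is a hypothetical field.
var PID_MAX_LIMIT = 4194304; // 2^22, Linux upper bound for pid_max on 64-bit
var PTRACE_TRACEME = 0;      // request 0: the pid argument is ignored

// Parse an auditd aX value: hex digits with no "0x" prefix. null if malformed.
function parseAuditHex(value) {
  if (typeof value !== "string" || !/^[0-9a-fA-F]{1,8}$/.test(value)) {
    return null;
  }
  return parseInt(value, 16);
}

// In the Beats script processor, call this from its process(event) entry point.
function enrichPtraceEvent(event) {
  if (event.Get("auditd.data.syscall") !== "ptrace") {
    return;
  }
  var request = parseAuditHex(event.Get("auditd.data.a0"));
  var pid = parseAuditHex(event.Get("auditd.data.a1"));
  if (request === null || request === PTRACE_TRACEME) {
    return; // no usable target PID
  }
  if (pid === null || pid < 1 || pid > PID_MAX_LIMIT) {
    return; // malformed or out of range: leave the event untouched
  }
  event.Put("auditd.data.traced_pid", pid);
}

// Stand-in for the Beats event object (flat keys), only for running offline.
function makeEvent(fields) {
  return {
    fields: fields,
    Get: function (key) { return this.fields[key]; },
    Put: function (key, value) { this.fields[key] = value; }
  };
}

// Build a constructed event, enrich it, and return the derived PID (or undefined).
function tracedPidFor(syscall, a0, a1) {
  var event = makeEvent({
    "auditd.data.syscall": syscall,
    "auditd.data.a0": a0,
    "auditd.data.a1": a1
  });
  enrichPtraceEvent(event);
  return event.fields["auditd.data.traced_pid"];
}

// Constructed sample: ptrace(PTRACE_ATTACH = 0x10, pid = 0x1a2b).
console.log(tracedPidFor("ptrace", "10", "1a2b"));
```

The integer field written here can then be listed under `match_pids` of `add_process_metadata`, which avoids the convert processor entirely.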