**Phase 1: Completed pre-decoding.
       full event: 'May 26 19:40:41 enigma sudo: dcid : TTY=ttyp0 ; PWD=/var/www/htdocs ; USER=root ; COMMAND=/usr/bin/tail /var/log/secure'
       log: 'dcid : TTY=ttyp0 ; PWD=/var/www/htdocs ; USER=root ; COMMAND=/usr/bin/tail /var/log/secure'
**Phase 2: Completed decoding.
       url: '/var/www/htdocs'
       status: '/usr/bin/tail /var/log/secure'
**Phase 3: Completed filtering (rules).
       Description: 'First time user executed sudo.'
**Alert to be generated.