Hello,
Is there an option within auditd to set whether commands are stored as hex vs ASCII?
With the prevalence of SIEM these days, it seems easier to keep the commands as ASCII and not presume a person needs to have access to a local system to run ausearch.
I have gone through the documentation but didn't see an answer.
Thanks