The exec_args token records the arguments to an exec() system call. The fields are:
A token ID
A count that represents the number of arguments passed to the exec call
Zero or more null-terminated strings, the arguments of the exec call
The following figure shows an exec_args token.
The exec_args token is output only when the audit policy argv is active. See Dynamic Auditing (Tasks) for more information.
An exec_args token is displayed by praudit as follows:
exec_args,