Сподели с приятели

1. Grep for the user
grep user /usr/local/maldetect/event_log

2. Take the number from the output and grep for it
grep 843668 /usr/local/maldetect/event_log

3. Find the report number (report 180319-1343.843668).

4. Run
sudo cat /usr/local/maldetect/sess/session.180319-1343.843668

where you replace the number with the one grepped.

Сподели с приятели