Neo23x0 / auditd

Best Practice Auditd Configuration
Apache License 2.0

I have difficulty in investigation #151

Closed hoanga2dtk68 closed 3 months ago

hoanga2dtk68 commented 3 months ago

[image]

I am using your rule. It works quite well, but I am having a problem that makes it difficult to investigate when there is a problem with the log recorded for the command. For example, when I use `whoami` or `ifconfig` to test, it only shows `sh`, as shown in the image above. Is there any way to fix this?