I wrote a small Go script and traced it using strace. Through this script, I am trying to fetch audit messages from the kernel using the netlink protocol, just like auditd.
Following is the strace output of my Go script: http://paste.ubuntu.com/8272760/
I am trying to find the argument that auditd provides to the sendto function. When I run strace on auditd I get the following output:
sendto(3, "\20\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0", 16, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 16
And when I strace my Go file I get the following output. I am looking to decode the second argument of this statement:
sendto(3, "\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t", 17, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 17
To be specific:
"\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t"
Now I want to convert this to a string or byte array. Is there any way to convert this to a string or byte array?
In my actual Go code this argument is a byte array.
https://github.com/mozilla/Audit-Go/blob/testing/netlink_old.go#L58
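
Added example, not part of the original post and not code from the Audit-Go project: one way to turn the strace string quoted above back into bytes and read it as a netlink message header. The names `DecodeStrace`, `ParseHeader` and `NlMsghdr` are hypothetical, and a little-endian host (x86) is assumed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// NlMsghdr mirrors the 16-byte struct nlmsghdr from <linux/netlink.h>.
type NlMsghdr struct {
	Len         uint32
	Type, Flags uint16
	Seq, Pid    uint32
}

var escape = regexp.MustCompile(`\\([0-7]{1,3}|.)`)

// DecodeStrace converts the body of a strace string (quotes removed) to bytes.
// strace prints 1-3 digit octal escapes but strconv.Unquote wants exactly 3,
// so each octal escape is zero-padded first; other escapes pass through.
func DecodeStrace(s string) ([]byte, error) {
	padded := escape.ReplaceAllStringFunc(s, func(m string) string {
		if m[1] < '0' || m[1] > '7' {
			return m
		}
		return `\` + strings.Repeat("0", 4-len(m)) + m[1:]
	})
	u, err := strconv.Unquote(`"` + padded + `"`)
	return []byte(u), err
}

// ParseHeader splits a message into header and payload. Netlink uses host
// byte order; little-endian (x86) is assumed here.
func ParseHeader(b []byte) (h NlMsghdr, payload []byte, err error) {
	if err = binary.Read(bytes.NewReader(b), binary.LittleEndian, &h); err == nil {
		payload = b[16:]
	}
	return
}

func main() {
	// Second sendto argument from the post's strace of the Go program.
	b, err := DecodeStrace(`\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t`)
	fmt.Printf("% x %v\n", b, err)
	fmt.Println(ParseHeader(b))
}
```

For the 17-byte string this gives a header of len=17, type=1000 (AUDIT_GET), flags=5 (NLM_F_REQUEST|NLM_F_ACK), seq=1, pid=0, followed by a single payload byte 0x09. The auditd string decodes to the same header with len=16 and no payload.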