I have the following message from auditd tty logging forwarded to syslog:
node=testchefnode05.drf.corp type=TTY msg=audit(1507750553.739:348): tty pid=2203 uid=0 auid=1270 ses=2 major=136 minor=0 comm="bash" data=63616C20323031310D
The “data” field is a hex string of the recorded tty keystrokes.
For example, the hex string “63616C20323031310D” above would be “cal 2011[13]” in ASCII, where [13] is a carriage return.
I would like to get that converted to an ASCII string so it is readable. Is there some sort of function that I can use in an extractor or pipeline to do that?
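The decoding asked about above, as a stand-alone Python sketch (an added example, not part of the original post and not a built-in extractor or pipeline function). The function names are hypothetical; control bytes are rendered as visible tokens such as `<CR>` so that escape sequences captured from the tty cannot act on the terminal of whoever reads the decoded log.

```python
import re

# Constructed sample: the TTY record quoted in the post.
SAMPLE = ('node=testchefnode05.drf.corp type=TTY msg=audit(1507750553.739:348): '
          'tty pid=2203 uid=0 auid=1270 ses=2 major=136 minor=0 '
          'comm="bash" data=63616C20323031310D')

# key=value pairs; a value is either double-quoted or a run of non-space chars.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Readable names for the control bytes most often seen in keystroke logs.
NAMED = {0x08: "<BS>", 0x09: "<TAB>", 0x0A: "<LF>", 0x0D: "<CR>",
         0x1B: "<ESC>", 0x7F: "<DEL>"}


def decode_tty_data(hex_data):
    """Turn the hex 'data' field into printable text.

    Returns None when the field is not valid hex (odd length, stray
    characters) so the caller can keep the raw value instead.
    """
    try:
        raw = bytes.fromhex(hex_data)
    except ValueError:
        return None
    out = []
    for b in raw:
        if 0x20 <= b < 0x7F:          # printable ASCII
            out.append(chr(b))
        elif b in NAMED:              # common control keys
            out.append(NAMED[b])
        else:                         # anything else, shown as a hex token
            out.append("<0x%02X>" % b)
    return "".join(out)


def parse_tty_record(line):
    """Parse one audit line; return its fields plus 'data_decoded',
    or None if the line is not a type=TTY record with a data field."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if fields.get("type") != "TTY" or "data" not in fields:
        return None
    fields["data_decoded"] = decode_tty_data(fields["data"])
    return fields


if __name__ == "__main__":
    print(parse_tty_record(SAMPLE)["data_decoded"])
```

Keeping `auid` and `ses` next to the decoded text preserves which login session typed the keystrokes, since `uid=0` alone only shows the command ran as root.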