Re-introduce ppid (parent process id) in order to be able to recreate the exact process tree from logs

2016-02-12 14:07:47 -08:00 · 2016-02-12 14:07:47 -08:00 · 9710a77734
--- a/audisp-json.c
+++ b/audisp-json.c
@ -1027,6 +1027,8 @@ static void handle_event(auparse_state_t *au,
 				goto_record_type(au, type);
 				json_msg.details = json_add_attr(json_msg.details, "process", auparse_find_field(au, "exe"));
 				goto_record_type(au, type);
+				json_msg.details = json_add_attr(json_msg.details, "ppid", auparse_find_field(au, "ppid"));
+				goto_record_type(au, type);
 				json_msg.details = json_add_attr(json_msg.details, "pid", auparse_find_field(au, "pid"));
 				goto_record_type(au, type);
 				json_msg.details = json_add_attr(json_msg.details, "gid", auparse_find_field(au, "gid"));