Announcements
Security Advisories
CVE-2025-6264
CVE-2025-0914
CVE-2024-10526
CVE-2023-5950
CVE-2023-2226
CVE-2023-0242
CVE-2023-0290
Documentation
Velociraptor Overview
History
Support Policy
Security
Deployment
Quickstart
Server Deployment
Key Concepts
Key Decisions
Deployment Example
Multi-Frontend
Upgrades
Organizations
Deploying Clients
Security
Performance
Troubleshooting
Config Reference
The Admin GUI
Managing Artifacts
Keyboard Shortcuts
Debugging
Internal
Metrics
Golang
Client
Monitoring
Flows
Services
Export
Throttler
Tempfiles
VQL
Queries
Plugins
ETW
Glob
Evtx
Sigma
Sqlite
Managing Clients
Searching for clients
Interrogation
Collecting Artifacts
Labels
Metadata
Quarantine
Virtual File System
Shell Commands
Monitoring
Troubleshooting
VQL
VQL Fundamentals
Event Queries
JOIN in VQL
Artifacts
Calling Artifacts
Managing Artifacts
Extending VQL
VQL Reference
Artifacts
Managing Artifacts
Basic Fields
Advanced Fields
Parameters
Sources
Preconditions
Export & Imports
Calling Artifacts
Event Queues
Security
Other Use Cases
Artifact Writing Tips
Artifact Reference
Artifact Exchange
Notebooks
Hunting
Forensic Analysis
Searching Filesystems
Velociraptor Paths
Remapping Accessors
Searching Content
NTFS Analysis
Binary parsing
Evidence Of Execution
Event Logs
Volatile State
Triage and acquisition
Remote Uploads
Server Automation
Server API
Server Monitoring
CLI
acl
artifacts
collector
config
deaddisk
fs (filesystem)
fuse
server_service
service
tools
user
Miscellaneous
CLI flags
Downloads
VQL Reference
Frequently Used ✨
Windows-only
Linux-only
Server-only
Parsers
Encode/Decode
Event Plugins
Experimental
Developer
Other
Accessors
Training
Playbooks
Blog
Presentations
Linux Conf Au 2022
Auscert 2022
SANS Summit 2022
Velocon 2022
DFRWS APAC 2022
EverythingOpen 2023
VeloCON 2023
Auscert 2024
Auscert 2024 Talk
Auscert 2025 Workshop
Artifact Exchange
Artifact Reference
Knowledge Base
Search
Github
Discord
YouTube
Mailing List
RSS
Rapid7 Docs
parse_auditd
parse_auditd
Description
parse_auditd
Plugin
Arg
Description
Type
filename
A list of log files to parse.
list of OSPath (required)
accessor
The accessor to use.
string
buffer_size
Maximum size of line buffer.
int
Description
Parse log files generated by auditd.