
(Simple) Feature Request - adapting the auditd work from an existing repo #40726

Closed
@nnWhisperer

Description


Component(s)

No response

Is your feature request related to a problem? Please describe.

Hello,
Thank you for the good work with the tool you are developing. It would be even better to add an auditd exporter/processor.
I imagine that adding such a feature is desirable to make the monitored system safer, plus it would make your work even more valuable, I suppose.

Describe the solution you'd like

Filebeat provides an auditd exporter/processor. Their source code is Apache 2.0-licensed too, and the processing is done here.
On the implementation side, it seems quite easy to implement the same logic by taking it from filebeat's source code. There can be some adaptation needed, but it will probably be something like renaming some of the fields. I believe a developer can do it in 1-2 days.

Describe alternatives you've considered

Originally the request was posted here, and a suggestion was to use regexes to do the parsing, which isn't as feature-complete as filebeat and is error-prone (the filebeat version has unit tests, AFAIR).

Additional context

Thanks
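As an added example (not code from this issue, from filebeat, or from the collector) of why the auditd key=value layout needs a small tokenizer rather than a single split-on-space regex: a minimal Go parser for one auditd record that handles bare, double-quoted and hex-encoded values. The hexKeys set is an assumption covering only a few escapable fields, and nested single-quoted msg='...' payloads are not handled.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Record is one parsed auditd line: record type, audit(ts:seq) header and fields.
type Record struct {
	Type, Timestamp, Sequence string
	Fields                    map[string]string
}

var header = regexp.MustCompile(`^type=(\S+) msg=audit\(([0-9.]+):(\d+)\): ?(.*)$`)
// Keys whose value auditd hex-encodes (unquoted) when it holds spaces or control
// characters. Subset only; assumption: a full port would use a per-field type table.
var hexKeys = map[string]bool{"proctitle": true, "comm": true, "exe": true,
	"cwd": true, "name": true, "key": true, "acct": true, "data": true}

// ParseAuditLine parses one record. Values come bare (a0=7fff..), double-quoted
// ("/bin/cat", may contain spaces) or hex-encoded (proctitle=636174..), which is
// why one regex over the whole line cannot recover the fields reliably.
func ParseAuditLine(line string) (Record, error) {
	m := header.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return Record{}, fmt.Errorf("not an auditd record: %q", line)
	}
	r := Record{Type: m[1], Timestamp: m[2], Sequence: m[3], Fields: map[string]string{}}
	for rest := m[4]; rest != ""; rest = strings.TrimLeft(rest, " ") {
		key, val, ok := strings.Cut(rest, "=")
		if !ok {
			return r, fmt.Errorf("field without '=': %q", rest)
		}
		if strings.HasPrefix(val, `"`) { // quoted: keep inner spaces, strip quotes
			if val, rest, ok = strings.Cut(val[1:], `"`); !ok {
				return r, fmt.Errorf("unterminated quote in field %s", key)
			}
		} else { // bare token: ends at the next space
			val, rest, _ = strings.Cut(val, " ")
			if b, err := hex.DecodeString(val); err == nil && hexKeys[key] {
				val = string(b) // e.g. "cat\x00/etc/ssh/sshd_config"
			}
		}
		r.Fields[key] = val
	}
	return r, nil
}
```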

Labels: enhancement (New feature or request), needs triage (New item requiring triage)