Skip to content

Releases: elastic/go-libaudit

2.5.0

23 Jan 16:16
5216c76
Compare
Choose a tag to compare

Added

  • Add ECS normalization for exit_group syscall. #149

Changed

  • Update syscall and architecture tables. #147

2.4.0

24 Oct 05:59
4164fc0
Compare
Choose a tag to compare

Added

  • Support saddr_fam filters. #145

Changed

  • Update Vagrant file gvm and ubuntu versions. #145

2.3.3

10 Aug 21:35
Compare
Choose a tag to compare

Changed

  • Expanded the bitmask applied to ECS file.mode in the aucoalesce package so that the SUID, SGID, and sticky bits can be represented. #137

2.3.2

24 Aug 21:26
Compare
Choose a tag to compare

Changed

  • Reduce allocations when converting bytes to strings for received messages. #116 #122

2.3.1

20 Jul 16:26
Compare
Choose a tag to compare

Changed

  • Reduce heap allocations when parsing and enriching auditd events. #111

Fixed

  • Fix change in behaviour that causes error when unmarshaling AuditStatus with a short buffer. #110
  • Fix minimum AuditStatus length so that library can support kernels from 2.6.32. #113 #119
  • Fix parsing of audit rules where arguments are quoted (like file paths containing spaces). #115

2.3.0

04 May 16:18
Compare
Choose a tag to compare

Added

  • Add ECS mappings for more audit anomaly events. #70
  • Add BacklogWaitTimeActual status field, which is available since Linux 5.9 #93
  • Add ECS normalizations for TIME_ADJNTPVAL and TIME_INJOFFSET. #98
  • Add support for exe filters in exclude rules (e.g. -a exclude,always -F exe=/bin/ls). #97

Changed

  • Update syscall, arches, and audit msg type tables for Linux 5.16. #96
  • Go 1.16 or newer is required because the project uses the embed package. #104
  • Fixed error messages from AddRule() in the audit client. #103

Removed

  • Removed support for resolving syscall numbers to names for the ia64 architecture. #96

2.2.0

03 Feb 08:03
Compare
Choose a tag to compare

[2.2.0]

Added

  • Add user and group mapping for ECS 1.8 compatibility #86

Changed

  • Change ECS category of USER_START and USER_END messages to session. #86

2.1.0

08 Dec 22:48
9aafaf3
Compare
Choose a tag to compare

Added

  • ECS 1.7 configuration categorization. #80

Changed

  • Use ingress/egress instead of inbound/outbound for ECS 1.7. #80

2.0.2

19 Aug 15:00
8bcb06e
Compare
Choose a tag to compare

Changed

  • Use ECS recommended values for network direction. #75 #76

Removed

  • Remove github.com/Sirupsen/logrus dependency from examples. #73

2.0.1

20 Jul 11:57
Compare
Choose a tag to compare

Changed

  • Fixed syscall lookup for ppc64 and ppc64le. #71