
go-audit
#Operations Management#Endpoint Security
A Linux audit daemon replacement that reads kernel audit events over netlink and emits them as JSON to syslog, a file, Graylog2, or stdout
About go-audit: An Alternative to auditd
go-audit is an alternative to the auditd daemon that ships with many Linux distributions. After writing an auditd audisp plugin to convert audit logs to JSON, I became interested in building a replacement for the existing daemon.
Goals:
- Safe: Written in Go, a modern, type-safe and performant language.
- Fast: Designed never to block where it can avoid it.
- Outputs JSON: Every audit event is emitted as a JSON document rather than the kernel's key=value text.
- Pluggable pipelines: Output can be sent to syslog, a local file, Graylog2, or stdout; additional outputs can be added easily.
Connects directly to the Linux kernel over a netlink socket, the same interface auditd uses.
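The step the design above describes, reading audit records off the kernel's netlink socket and turning them into JSON, as an added example written for this page and not go-audit's own code. The netlink frames are a constructed byte stream standing in for one read from a NETLINK_AUDIT socket; the 16-byte nlmsghdr layout and the AUDIT_SYSCALL, AUDIT_CWD, AUDIT_PATH and AUDIT_EOE type numbers come from the kernel headers, but little-endian byte order is assumed and the JSON shape (serial, timestamp, records) is this example's own, not go-audit's output format.

```go
package main

import (
	"encoding/binary"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// struct nlmsghdr is 16 bytes: len u32, type u16, flags u16, seq u32, pid u32.
// Netlink uses host byte order; this example assumes little-endian (x86_64).
const nlmsgHdrLen = 16

// Kernel audit record types from linux/audit.h used in this example.
const (
	auditSyscall uint16 = 1300 // AUDIT_SYSCALL
	auditPath    uint16 = 1302 // AUDIT_PATH
	auditCwd     uint16 = 1307 // AUDIT_CWD
	auditEOE     uint16 = 1320 // AUDIT_EOE: end of a multi-record event
)

// The kernel prefixes every record with "audit(<epoch>.<ms>:<serial>): ".
var auditPrefix = regexp.MustCompile(`^audit\((\d+\.\d+):(\d+)\): ?(.*)$`)

type auditRecord struct {
	Type   uint16            `json:"type"`
	Fields map[string]string `json:"fields"`
}

// auditEvent is this example's JSON shape (not go-audit's): one object per serial.
type auditEvent struct {
	Serial    string        `json:"serial"`
	Timestamp string        `json:"timestamp"`
	Records   []auditRecord `json:"records"`
}

// nlFrame builds one netlink message, padded to 4 bytes as NLMSG_ALIGN requires.
func nlFrame(typ uint16, seq uint32, payload string) []byte {
	total := nlmsgHdrLen + len(payload)
	buf := make([]byte, (total+3)&^3)
	binary.LittleEndian.PutUint32(buf[0:4], uint32(total))
	binary.LittleEndian.PutUint16(buf[4:6], typ)
	binary.LittleEndian.PutUint16(buf[6:8], 0) // nlmsg_flags
	binary.LittleEndian.PutUint32(buf[8:12], seq)
	binary.LittleEndian.PutUint32(buf[12:16], 0) // nlmsg_pid: 0 means the kernel
	copy(buf[nlmsgHdrLen:], payload)
	return buf
}

// parseFields turns `arch=c000003e comm="id"` into a map, stripping quotes.
// Quoted values containing spaces are not handled; SYSCALL, CWD and PATH
// records do not produce them.
func parseFields(s string) map[string]string {
	out := map[string]string{}
	for _, tok := range strings.Fields(s) {
		kv := strings.SplitN(tok, "=", 2)
		if len(kv) != 2 {
			continue
		}
		out[kv[0]] = strings.Trim(kv[1], `"`)
	}
	return out
}

// eventsFromNetlink walks one buffer as read from a NETLINK_AUDIT socket,
// groups records by serial and emits an event when its AUDIT_EOE arrives.
// nlmsg_len is validated before use so a short or corrupt read cannot
// index past the buffer.
func eventsFromNetlink(buf []byte) ([]auditEvent, error) {
	open := map[string]*auditEvent{}
	var done []auditEvent
	for len(buf) >= nlmsgHdrLen {
		l := int(binary.LittleEndian.Uint32(buf[0:4]))
		if l < nlmsgHdrLen || l > len(buf) {
			return done, fmt.Errorf("bad nlmsg_len %d with %d bytes left", l, len(buf))
		}
		frame := buf[:l]
		next := (l + 3) &^ 3 // NLMSG_ALIGN
		if next > len(buf) {
			next = len(buf)
		}
		buf = buf[next:]

		typ := binary.LittleEndian.Uint16(frame[4:6])
		payload := strings.TrimRight(string(frame[nlmsgHdrLen:]), "\x00")
		m := auditPrefix.FindStringSubmatch(payload)
		if m == nil {
			continue // NLMSG_ERROR, AUDIT_GET replies etc. carry no audit() prefix
		}
		ts, serial, body := m[1], m[2], m[3]
		ev, ok := open[serial]
		if !ok {
			ev = &auditEvent{Serial: serial, Timestamp: ts}
			open[serial] = ev
		}
		if typ == auditEOE {
			done = append(done, *ev)
			delete(open, serial)
			continue
		}
		ev.Records = append(ev.Records, auditRecord{Type: typ, Fields: parseFields(body)})
	}
	return done, nil
}

// sampleBuffer is a constructed byte stream standing in for one recvfrom() on
// the audit socket: an execve of /usr/bin/id spread over three records plus EOE.
func sampleBuffer() []byte {
	const p = "audit(1700000000.123:42): "
	var b []byte
	b = append(b, nlFrame(auditSyscall, 1, p+`arch=c000003e syscall=59 success=yes exit=0 uid=0 comm="id" exe="/usr/bin/id" key="exec"`)...)
	b = append(b, nlFrame(auditCwd, 2, p+`cwd="/root"`)...)
	b = append(b, nlFrame(auditPath, 3, p+`item=0 name="/usr/bin/id" inode=1234 mode=0100755`)...)
	b = append(b, nlFrame(auditEOE, 4, p)...)
	return b
}

func main() {
	evs, err := eventsFromNetlink(sampleBuffer())
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(evs, "", "  ")
	fmt.Println(string(out))
}
```

Grouping on the serial and waiting for AUDIT_EOE matters because one syscall produces several records that arrive as separate netlink frames; emitting per frame would give a consumer three half-events instead of one. A real daemon also has to drain the socket quickly, since a full kernel backlog is exactly the blocking the goals above try to avoid.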
Usage:
- Installation: Requires Go 1.14 or later. Clone the repository, build the binary with the Go toolchain, and copy the resulting go-audit binary to wherever you want it installed.
- Testing: Run the unit test suite, review the code-coverage report, run the benchmark suite, and benchmark again with CPU profiling and garbage-collection tracing enabled.
- Running as a service: See the contrib folder for examples of running go-audit as a service.