[Auditd]: auditd.log.record_type not preserved
Closed this issue · 1 comments
nicholasberlin commented
Integration Name
Auditd Logs [auditd]
Dataset Name
auditd.log
Integration Version
3.20.0
Agent Version
8.13.0
Agent Output Type
elasticsearch
Elasticsearch Version
8.13.0
OS Version and Architecture
Linux
Software/API Version
No response
Error Message
auditd.log.record_type is missing from type=SYSCALL messages
Event Original
No response
What did you do?
default
What did you see?
i see event.action being set to syscall, instead of auditd.log.record_type being SYSCALL.
What did you expect to see?
I expected auditd.log.record_type to be there.
Anything else?
No response
elasticmachine commented
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)