go-libaudit

go-libaudit copied to clipboard

The current interface to aucoalesce is func CoalesceMessages(msgs []*auparse.AuditMessage) (*Event, error).

Given that the warnings produced by this function are mainly for debugging and development we could change the function to accept a variable number of options like func CoalesceMessages(msgs []*auparse.AuditMessage, opts ...Option) (*Event, error). Then we could pass an option to enable the inclusion of warnings with the event. Like

    evt, err := aucoalesce.CoalesceMessages(msgs, aucoalesce.IncludeWarnings)

Future options might be to make ECS enrichment configurable.