Fix typo in test.log

filebeat/module/auditd/log/test/test.log

@@ -9,7 +9,7 @@ type=SOFTWARE_UPDATE msg=audit(1573844484.309:785): pid=3157 uid=0 auid=1000 ses
 type=SYSTEM_BOOT msg=audit(1573844456.144:5): pid=678 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'
 type=SYSTEM_SHUTDOWN msg=audit(1573844517.054:1163): pid=4440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'
 type=EXECVE msg=audit(1581371984.206:579393): argc=1 a0=top
-type=SYSCALL msg=audit(1581371984.206:579398: arch=x86_64 syscall=execve success=yes exit=0 a0=0x1fd05c0 a1=0x1fd2730 a2=0x1fd4640 a3=0x7ffc6939f360 items=2 ppid=2563 pid=2614 auid=vagrant uid=vagrant gid=vagrant euid=vagrant suid=vagrant fsuid=vagrant egid=vagrant sgid=vagrant fsgid=vagrant tty=pts0 ses=2 comm=top exe=/usr/bin/top subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
+type=SYSCALL msg=audit(1581371984.206:579398): arch=x86_64 syscall=execve success=yes exit=0 a0=0x1fd05c0 a1=0x1fd2730 a2=0x1fd4640 a3=0x7ffc6939f360 items=2 ppid=2563 pid=2614 auid=vagrant uid=vagrant gid=vagrant euid=vagrant suid=vagrant fsuid=vagrant egid=vagrant sgid=vagrant fsgid=vagrant tty=pts0 ses=2 comm=top exe=/usr/bin/top subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
 type=KERN_MODULE msg=audit(1581371984.206:579397): name=mymodule
 type=VIRT_CONTROL msg=audit(1513507481.075:145): pid=1431 uid=0 auid=100 ses=3 subj=system_u:system_r:container_runtime_t:s0 msg='user=root reason=api op=create vm=? vm-pid=? hostname=? exe="/usr/bin/dockerd-current" addr=? terminal=? res=success'
 type=VIRT_MACHINE_ID msg=audit(1481903143.572:23118): pid=5637 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm vm="rhel-work3" uuid=5501263b-181d-47ed-ab03-a6066f3d26bf vm-ctx=system_u:system_r:svirt_t:s0:c444,c977 img-ctx=system_u:object_r:svirt_image_t:s0:c444,c977 model=selinux exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'

filebeat/module/auditd/log/test/test.log-expected.json

@@ -241,12 +241,13 @@
         "service.type": "auditd"
     },
     {
-        "@timestamp": "2020-02-12T15:12:49.297Z",
+        "@timestamp": "2020-02-10T21:59:44.206Z",
         "auditd.log.a0": "0x1fd05c0",
         "auditd.log.a1": "0x1fd2730",
         "auditd.log.a2": "0x1fd4640",
         "auditd.log.a3": "0x7ffc6939f360",
         "auditd.log.items": "2",
+        "auditd.log.sequence": 579398,
         "auditd.log.ses": "2",
         "auditd.log.subj": "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
         "auditd.log.success": "yes",
@@ -261,7 +262,6 @@
         "host.architecture": "x86_64",
         "input.type": "log",
         "log.offset": 2748,
-        "message": "audit(1581371984.206:579398:",
         "process.executable": "/usr/bin/top",
         "process.exit_code": 0,
         "process.name": "top",
@@ -289,7 +289,7 @@
         "event.type": "driver",
         "fileset.name": "log",
         "input.type": "log",
-        "log.offset": 3152,
+        "log.offset": 3153,
         "service.type": "auditd"
     },
     {
@@ -309,7 +309,7 @@
         "event.type": "creation",
         "fileset.name": "log",
         "input.type": "log",
-        "log.offset": 3217,
+        "log.offset": 3218,
         "process.executable": "/usr/bin/dockerd-current",
         "process.pid": 1431,
         "service.type": "auditd",
@@ -338,7 +338,7 @@
         "event.type": "creation",
         "fileset.name": "log",
         "input.type": "log",
-        "log.offset": 3465,
+        "log.offset": 3466,
         "process.executable": "/usr/sbin/libvirtd",
         "process.pid": 5637,
         "service.type": "auditd",