Add elastic/go-libaudit parser #47090
Description
Describe the enhancement:
Add https://github.com/elastic/go-libaudit to filebeat
Describe a specific use case for the enhancement or feature:
In the system integration, we ingest auditd logs with filebeat and use a series of grok patterns in the ingest pipeline to parse the fields out of the logs. Due to the rather complicated format of auditd output it is quite difficult to use regex patterns to robustly extract fields. We are also maintaining two distinct parsers for the same data at the moment. If we could parse the logs using libaudit and only send the extracted fields that would be a large improvement.