From 09d6008a8fb2bf5953bfd0bd1fc071a6bdd4339f Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Tue, 18 Aug 2020 13:00:08 -0500 Subject: [PATCH] Use ECS recommended values for network direction (#76) * Use ECS recommended values for network direction - change incoming -> inbound - change outgoing -> outbound Closes #75 --- CHANGELOG.md | 6 ++++-- aucoalesce/coalesce.go | 4 ++-- aucoalesce/testdata/rhel-7-linux-3.10.0.json.golden | 6 +++--- .../testdata/ubuntu-16.10-linux-4.8.0.json.golden | 10 +++++----- .../testdata/ubuntu-17.04-linux-4.10.0.json.golden | 4 ++-- 5 files changed, 16 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2b8007..f230b04 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,9 +9,11 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Changed +- Use ECS recommended values for network direction. [#75](https://github.com/elastic/go-libaudit/issues/75)[#76](https://github.com/elastic/go-libaudit/pull/76) + ### Removed -- Remove github.com/Sirupsen/logrus dependency from examples. [#73]https://github.com/elastic/go-libaudit/issues/73 +- Remove github.com/Sirupsen/logrus dependency from examples. [#73](https://github.com/elastic/go-libaudit/issues/73) ### Deprecated @@ -191,4 +193,4 @@ This project adheres to [Semantic Versioning](http://semver.org/). [0.0.4]: https://github.com/elastic/go-libaudit/releases/tag/v0.0.4 [0.0.3]: https://github.com/elastic/go-libaudit/releases/tag/v0.0.3 [0.0.2]: https://github.com/elastic/go-libaudit/releases/tag/v0.0.2 -[0.0.1]: https://github.com/elastic/go-libaudit/releases/tag/v0.0.1 \ No newline at end of file +[0.0.1]: https://github.com/elastic/go-libaudit/releases/tag/v0.0.1 diff --git a/aucoalesce/coalesce.go b/aucoalesce/coalesce.go index ce57c28..48db6c8 100644 --- a/aucoalesce/coalesce.go +++ b/aucoalesce/coalesce.go 
@@ -123,9 +123,9 @@ const (
 func (d Direction) String() string {
 switch d {
 case IncomingDir:
- return "incoming"
+ return "inbound"
 case OutgoingDir:
- return "outgoing"
+ return "outbound"
 }
 return "unknown"
 }
diff --git a/aucoalesce/testdata/rhel-7-linux-3.10.0.json.golden b/aucoalesce/testdata/rhel-7-linux-3.10.0.json.golden
index f199597..ec6934e 100644
--- a/aucoalesce/testdata/rhel-7-linux-3.10.0.json.golden
+++ b/aucoalesce/testdata/rhel-7-linux-3.10.0.json.golden
@@ -140,7 +140,7 @@
 "ip": "96.241.146.97"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "data": {
 "fp": "6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3",
@@ -204,7 +204,7 @@
 "ip": "96.241.146.97"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "data": {
 "cipher": "chacha20-poly1305@openssh.com",
@@ -324,7 +324,7 @@
 "ip": "46.160.144.250"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "data": {
 "acct": "root",
diff --git a/aucoalesce/testdata/ubuntu-16.10-linux-4.8.0.json.golden b/aucoalesce/testdata/ubuntu-16.10-linux-4.8.0.json.golden
index 5d7a1e9..31d5d7f 100644
--- a/aucoalesce/testdata/ubuntu-16.10-linux-4.8.0.json.golden
+++ b/aucoalesce/testdata/ubuntu-16.10-linux-4.8.0.json.golden
@@ -462,7 +462,7 @@
 "ip": "179.38.151.221"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "data": {
 "acct": "(invalid user)",
@@ -517,7 +517,7 @@
 "ip": "72.83.230.100"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "data": {
 "hostname": "72.83.230.100",
@@ -573,7 +573,7 @@
 "ip": "72.83.230.100"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "data": {
 "acct": "andrew_kroh",
@@ -643,7 +643,7 @@
 "port": "58140"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "data": {
 "a0": "3",
@@ -786,7 +786,7 @@
 "port": "80"
 },
 "network": {
- "direction": "outgoing"
+ "direction": "outbound"
 },
 "data": {
 "a0": "5",
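Review bot: The literals returned by `Direction.String()` in aucoalesce/coalesce.go are now a schema contract rather than free text, yet the method has no doc comment recording that. I would add `// String returns the ECS network.direction value for d: "inbound", "outbound", or "unknown".` above the function so a later edit does not drift from the schema. Because the emitted value changes for events that were previously labelled differently, any downstream detection rule, saved query or alert that matches on `incoming` or `outgoing` will stop matching without raising an error. The CHANGELOG entry files this under Changed but does not call it a breaking change for consumers, which seems worth stating there. The function body lies entirely inside the hunk.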
diff --git a/aucoalesce/testdata/ubuntu-17.04-linux-4.10.0.json.golden b/aucoalesce/testdata/ubuntu-17.04-linux-4.10.0.json.golden
index a368e5a..25e333f 100644
--- a/aucoalesce/testdata/ubuntu-17.04-linux-4.10.0.json.golden
+++ b/aucoalesce/testdata/ubuntu-17.04-linux-4.10.0.json.golden
@@ -494,7 +494,7 @@
 "ip": "185.56.82.22"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "data": {
 "hostname": "185.56.82.22",
@@ -549,7 +549,7 @@
 "ip": "31.207.47.36"
 },
 "network": {
- "direction": "incoming"
+ "direction": "inbound"
 },
 "data": {
 "acct": "(invalid user)",