Add syslog support to log enricher

[saschagrunert]

What type of PR is this?

/kind feature

What this PR does / why we need it:

This adds support for /var/log/syslog log files if auditd is not available on a node.

Which issue(s) this PR fixes:

None

Does this PR have test?

None

Special notes for your reviewer:

None

Does this PR introduce a user-facing change?

Added syslog support for log enricher.

[codecov-commenter]

Codecov Report

Merging #531 (4edcf65) into master (c8dab31) will increase coverage by 0.06%.
The diff coverage is 71.42%.

@@            Coverage Diff             @@
##           master     #531      +/-   ##
==========================================
+ Coverage   44.06%   44.12%   +0.06%     
==========================================
  Files          25       25              
  Lines        1305     1310       +5     
==========================================
+ Hits          575      578       +3     
- Misses        694      695       +1     
- Partials       36       37       +1     

[saschagrunert]

/test pull-security-profiles-operator-build-image

[JAORMX]

uhm... not sure if the syslog file is available in RHCOS, this might make it fail... let me verify

[saschagrunert]

uhm... not sure if the syslog file is available in RHCOS, this might make it fail... let me verify

Is auditd not enabled in RHCOS?

[JAORMX]

@saschagrunert auditd is enabled in RHCOS. But this PR adds by default the bind-mount for syslog, which will fail and not deploy properly in RHCOS.

[saschagrunert]

@saschagrunert auditd is enabled in RHCOS. But this PR adds by default the bind-mount for syslog, which will fail and not deploy properly in RHCOS.

No, it just mounts the /var/log dir, not the file itself.

[JAORMX]

ah! I missed that this gets filepath.Dir. This is fine!

[JAORMX]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JAORMX, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

@saschagrunert: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
pull-security-profiles-operator-test-e2e	4edcf65	link	/test pull-security-profiles-operator-test-e2e

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[saschagrunert]

e2e tests are broken right now, merging.