Would it be a nice idea to auto-decode any hex-encoded values (eg; proctitle is frequently encoded as such). This apparently happens automagically when the value contains a space

The goal of go-audit is mainly to get logs out of the kernel and off the host as quickly as possible. We are decoding later in the log stream using streamstash. We wrote a small line-parser using streamstash that you can use on your host though.