• I've read and understood the Contributing guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.
• I've searched for any related issues and avoided creating a duplicate issue.

Description

Hello!
I want to ask you to consider creating ECS (https://www.elastic.co/guide/en/ecs/1.9/ecs-field-reference.html) compatible go-audit output format.
ECS is a field name normalization scheme used in the Elastic Security (SIEM) module, which we want to use in our SOC.

At the moment, the correspondence of field names to the ECS scheme out of the box is present when using the Auditbeat utility with the auditd module (https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-auditd.html).
It looks like we can use Filebeat with auditd module to simply read auditd logs too (https://www.elastic.co/guide/en/beats/filebeat/7.11/filebeat-module-auditd.html).

But I think these options could not be used if we want to use go-audit instead of classic auditd.
Manually converting field names in accordance with the ECS format is a very time-consuming task and it would be very cool if a go-audit could do it out of the box.

I found another interesting Elastic repository with similar topic https://github.com/elastic/go-libaudit, maybe it will give you some additional useful data.