Hello,
auditbeat 7.7.0 is failing to start on a fresh Fedora 32 VM. Here is a partial debug log:
auditbeat[879]: 2020-05-18T03:43:54.446Z INFO [socket] guess/guess.go:258 Running 17 guesses ...
auditbeat[879]: 2020-05-18T03:43:54.446Z DEBUG [socket] guess/guess.go:270 Guess guess_deref skipped.
auditbeat[879]: 2020-05-18T03:43:54.503Z DEBUG [socket] guess/guess.go:112 --- result of guess_sk_buff_proto run #1: {"SK_BUFF_PROTO":[176]}
auditbeat[879]: 2020-05-18T03:43:54.552Z DEBUG [socket] guess/guess.go:112 --- result of guess_sk_buff_proto run #2: {"SK_BUFF_PROTO":[176]}
auditbeat[879]: 2020-05-18T03:43:54.607Z DEBUG [socket] guess/guess.go:112 --- result of guess_sk_buff_proto run #3: {"SK_BUFF_PROTO":[176]}
auditbeat[879]: 2020-05-18T03:43:54.660Z DEBUG [socket] guess/guess.go:112 --- result of guess_sk_buff_proto run #4: {"SK_BUFF_PROTO":[176,944]}
auditbeat[879]: 2020-05-18T03:43:54.712Z DEBUG [socket] guess/guess.go:112 --- result of guess_sk_buff_proto run #5: {"SK_BUFF_PROTO":[176]}
auditbeat[879]: 2020-05-18T03:43:54.771Z DEBUG [socket] guess/guess.go:112 --- result of guess_sk_buff_proto run #6: {"SK_BUFF_PROTO":[176,572,828]}
auditbeat[879]: 2020-05-18T03:43:54.825Z DEBUG [socket] guess/guess.go:112 --- result of guess_sk_buff_proto run #7: {"SK_BUFF_PROTO":[176,944]}
auditbeat[879]: 2020-05-18T03:43:54.879Z DEBUG [socket] guess/guess.go:112 --- result of guess_sk_buff_proto run #8: {"SK_BUFF_PROTO":[176]}
auditbeat[879]: 2020-05-18T03:43:54.879Z DEBUG [socket] guess/guess.go:287 Guess guess_sk_buff_proto completed: {"SK_BUFF_PROTO":176}
auditbeat[879]: 2020-05-18T03:43:54.923Z DEBUG [socket] guess/guess.go:287 Guess guess_sockaddr_in6 completed: {"SOCKADDR_IN6_ADDRA":8,"SOCKADDR_IN6_ADDRB":16,"SOCKADDR_IN6_AF":0,"SOCKADDR_IN6_PORT":2}
auditbeat[879]: 2020-05-18T03:43:54.997Z DEBUG [socket] guess/guess.go:287 Guess guess_struct_socket_sk completed: {"SOCKET_SOCK":24}
auditbeat[879]: 2020-05-18T03:43:55.042Z DEBUG [socket] guess/guess.go:287 Guess guess_udp_sendmsg completed: {"UDP_SENDMSG_LEN":"%dx","UDP_SENDMSG_MSG":"%si","UDP_SENDMSG_SOCK":"%di"}
auditbeat[879]: 2020-05-18T03:43:55.077Z DEBUG [socket] guess/guess.go:287 Guess guess_struct_creds completed: {"STRUCT_CRED_EGID":24,"STRUCT_CRED_EUID":20,"STRUCT_CRED_GID":8,"STRUCT_CRED_UID":4}
auditbeat[879]: 2020-05-18T03:43:55.162Z DEBUG [socket] guess/guess.go:287 Guess guess_inet6_csk_xmit completed: {"INET6_CSK_XMIT_SKBUFF":"%si","INET6_CSK_XMIT_SOCK":"%di"}
auditbeat[879]: 2020-05-18T03:43:55.205Z DEBUG [socket] guess/guess.go:287 Guess guess_sockaddr_in completed: {"SOCKADDR_IN_ADDR":4,"SOCKADDR_IN_AF":0,"SOCKADDR_IN_PORT":2}
auditbeat[879]: 2020-05-18T03:43:55.237Z DEBUG [socket] guess/guess.go:287 Guess tcp_sendmsg_guess completed: {"TCP_SENDMSG_LEN":"%dx"}
auditbeat[879]: 2020-05-18T03:43:55.289Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock run #1: {"INET_SOCK_LADDR":[4,84,768,920],"INET_SOCK_LPORT":[776,930],"INET_SOCK_RADDR":[0,68,924],"INET_SOCK_RPORT":[12,928]}
auditbeat[879]: 2020-05-18T03:43:55.344Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock run #2: {"INET_SOCK_LADDR":[4,84,768,920],"INET_SOCK_LPORT":[776,930],"INET_SOCK_RADDR":[0,68,924],"INET_SOCK_RPORT":[12,928]}
auditbeat[879]: 2020-05-18T03:43:55.395Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock run #3: {"INET_SOCK_LADDR":[4,84,768,920],"INET_SOCK_LPORT":[776,930],"INET_SOCK_RADDR":[0,68,924],"INET_SOCK_RPORT":[12,928]}
auditbeat[879]: 2020-05-18T03:43:55.447Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock run #4: {"INET_SOCK_LADDR":[4,84,768,920],"INET_SOCK_LPORT":[776,930],"INET_SOCK_RADDR":[0,68,924],"INET_SOCK_RPORT":[12,928]}
auditbeat[879]: 2020-05-18T03:43:55.447Z DEBUG [socket] guess/guess.go:287 Guess guess_inet_sock completed: {"INET_SOCK_LADDR":4,"INET_SOCK_LADDR_LIST":[4,84,768,920],"INET_SOCK_LPORT":776,"INET_SOCK_LPORT_LIST":[776,930],"INET_SOCK_RADDR":0,"INET_SOCK_RADDR_LIST":[0,68,924],"INET_SOCK_RPORT":12,"INET_SOCK_RPORT_LIST":[12,928]}
auditbeat[879]: 2020-05-18T03:43:55.618Z DEBUG [socket] guess/guess.go:287 Guess guess_inet_sock_ipv6 completed: {"INET_SOCK_V6_LADDR_A":"+72","INET_SOCK_V6_LADDR_B":"+80","INET_SOCK_V6_LIMIT":56,"INET_SOCK_V6_RADDR_A":"+56","INET_SOCK_V6_RADDR_B":"+64","INET_SOCK_V6_TERM":":u64"}
auditbeat[879]: 2020-05-18T03:43:55.649Z DEBUG [socket] guess/guess.go:287 Guess guess_syscall_args completed: {"SYS_P1":"+0x70(%di)","SYS_P2":"+0x68(%di)","SYS_P3":"+0x60(%di)","SYS_P4":"+0x38(%di)","SYS_P5":"+0x48(%di)","SYS_P6":"+0x40(%di)"}
auditbeat[879]: 2020-05-18T03:43:55.701Z DEBUG [socket] guess/guess.go:287 Guess guess_tcp_sendmsg_sock completed: {"TCP_SENDMSG_SOCK":"%di"}
auditbeat[879]: 2020-05-18T03:43:55.701Z DEBUG [socket] guess/guess.go:121 --- guess_sk_buff_data_ptr run #0
auditbeat[879]: 2020-05-18T03:43:55.801Z DEBUG [socket] guess/guess.go:121 --- guess_sk_buff_data_ptr run #1
auditbeat[879]: 2020-05-18T03:43:55.884Z DEBUG [socket] guess/guess.go:287 Guess guess_sk_buff_data_ptr completed: {"SK_BUFF_HAS_POINTERS":false,"SK_BUFF_HEAD":192,"SK_BUFF_MAC":182,"SK_BUFF_NETWORK":180,"SK_BUFF_TRANSPORT":178}
auditbeat[879]: 2020-05-18T03:43:55.941Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #1: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:55.995Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #2: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:56.037Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #3: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:56.086Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #4: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:56.128Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #5: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:56.174Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #6: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:56.214Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #7: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:56.265Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #8: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:56.317Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #9: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:56.368Z DEBUG [socket] guess/guess.go:112 --- result of guess_inet_sock_af run #10: {"INET_SOCK_AF":[16]}
auditbeat[879]: 2020-05-18T03:43:56.368Z DEBUG [socket] guess/guess.go:287 Guess guess_inet_sock_af completed: {"INET_SOCK_AF":16}
auditbeat[879]: 2020-05-18T03:44:11.445Z WARN [cfgwarn] user/user.go:205 BETA: The system/user dataset is beta
auditbeat[879]: 2020-05-18T03:44:11.449Z DEBUG [user] user/user.go:247 No state timestamp found
auditbeat[879]: 2020-05-18T03:44:11.450Z DEBUG [user] user/user.go:255 Restored 0 users from disk
auditbeat[879]: 2020-05-18T03:44:11.450Z INFO instance/beat.go:411 auditbeat stopped.
auditbeat[879]: 2020-05-18T03:44:11.450Z ERROR instance/beat.go:932 Exiting: 1 error: system/socket dataset setup failed: unable to guess one or more required parameters: guess_ip_local_out failed: timeout while waiting for event
auditbeat[879]: Exiting: 1 error: system/socket dataset setup failed: unable to guess one or more required parameters: guess_ip_local_out failed: timeout while waiting for event