@hslatman commented Jul 30, 2025

Hey @dreadl0ck,

I've known and been watching this project for a while now, and recently got more interested in it again while working on a little side project. In it, I have the need to combine the data from a few different audit record types. After first hacking something together operating on several files at once, I figured it could be useful to view and/or combine the data using SQL for further analysis instead. It also seemed useful for others, so I started working on an SQLite integration for the dump command.

The PR currently only adds support for the Connection type, as I first wanted to gauge whether or not this would be something you'd be willing to merge. I decided to put it in its own package, to not clutter the existing io.Dump function with the SQLite format. It uses modernc.org/sqlite, so no CGo is required for SQLite support.

Personally, I think the approach in this PR is more convenient than first dumping multiple audit record type files to CSV, and then importing into SQLite, as the data type information doesn't get lost, but it does require adding/maintaining additional helper functions for each (supported) audit record type. If the current approach isn't satisfactory, I could look into creating some utility command to dump multiple audit record files to CSV and then 1) import them into a database, or 2) write the raw SQL to files.

Thank you for working on Netcap! 😄

@dreadl0ck
Owner

Hey @hslatman,

awesome, thanks for contributing!

I like the idea of extending the dump tool to support dumping in a relational database like SQL for further analysis.
For performance and type safety reasons, this should definitely be implemented directly from Go and not via CSV export.

Will take a closer look asap, pretty busy at the moment and just recently picked up working on netcap again.
