diff --git a/SOURCES/audit-3.0-bpf-record.patch b/SOURCES/audit-3.0-bpf-record.patch
new file mode 100644
index 0000000..eabf31d
--- /dev/null
+++ b/SOURCES/audit-3.0-bpf-record.patch
@@ -0,0 +1,38 @@
+From 9e0cf4082ddbefab8558ce1349e22f6f1777040d Mon Sep 17 00:00:00 2001
+From: olsajiri <42811547+olsajiri@users.noreply.github.com>
+Date: Wed, 11 Dec 2019 17:57:39 +0100
+Subject: [PATCH] Add support for AUDIT_BPF event (#104)
+
+Signed-off-by: Jiri Olsa <jolsa@redhat.com>
+---
+ lib/libaudit.h    | 4 ++++
+ lib/msg_typetab.h | 1 +
+ 2 files changed, 5 insertions(+)
+
+diff --git a/lib/libaudit.h b/lib/libaudit.h
+index ac22e2c..0eea55f 100644
+--- a/lib/libaudit.h
++++ b/lib/libaudit.h
+@@ -290,6 +290,10 @@ extern "C" {
+ #define AUDIT_TIME_ADJNTPVAL	1333 /* NTP value adjustment */
+ #endif
+ 
++#ifndef AUDIT_BPF
++#define AUDIT_BPF		1334 /* BPF load/unload */
++#endif
++
+ #ifndef AUDIT_MAC_CALIPSO_ADD
+ #define AUDIT_MAC_CALIPSO_ADD	1418 /* NetLabel: add CALIPSO DOI entry */
+ #endif
+diff --git a/lib/msg_typetab.h b/lib/msg_typetab.h
+index d668f34..81b1ea5 100644
+--- a/lib/msg_typetab.h
++++ b/lib/msg_typetab.h
+@@ -125,6 +125,7 @@ _S(AUDIT_KERN_MODULE,                "KERN_MODULE"                   )
+ _S(AUDIT_FANOTIFY,                   "FANOTIFY"                      )
+ _S(AUDIT_TIME_INJOFFSET,             "TIME_INJOFFSET"                )
+ _S(AUDIT_TIME_ADJNTPVAL,             "TIME_ADJNTPVAL"                )
++_S(AUDIT_BPF,                        "BPF"                           )
+ _S(AUDIT_AVC,                        "AVC"                           )
+ _S(AUDIT_SELINUX_ERR,                "SELINUX_ERR"                   )
+ _S(AUDIT_AVC_PATH,                   "AVC_PATH"                      )
diff --git a/SPECS/audit.spec b/SPECS/audit.spec
index 827edd2..0d837a0 100644
--- a/SPECS/audit.spec
+++ b/SPECS/audit.spec
@@ -3,13 +3,14 @@
 Summary: User space tools for kernel auditing
 Name: audit
 Version: 3.0
-Release: 0.16.20191104git1c2f876%{?dist}
+Release: 0.17.20191104git1c2f876%{?dist}
 License: GPLv2+
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha9.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
 Patch1: audit-3.0-clang-warnings.patch
 Patch2: audit-3.0-user-event.patch
+Patch3: audit-3.0-bpf-record.patch
 
 BuildRequires: gcc swig
 BuildRequires: openldap-devel
@@ -86,6 +87,7 @@ Management Facility) database, through an IBM Tivoli Directory Server
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 cp %{SOURCE1} .
 
 %build
@@ -250,7 +252,10 @@ fi
 %attr(750,root,root) /sbin/audispd-zos-remote
 
 %changelog
-* Thu Nov 28 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.18.20191104git1c2f876
+* Wed Jan 08 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.17.20191104git1c2f876
+resolves: rhbz#1757986 - Rebase audit package on 8.2 for updates (bpf patch)
+
+* Thu Nov 28 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.16.20191104git1c2f876
 resolves: rhbz#1497279 - Add option to interpret fields in audit syslog plugin
 
 * Mon Nov 04 2019 Steve Grubb <sgrubb@redhat.com> 3.0-0.15.20191104git1c2f876