Stay organized with collections
Save and categorize content based on your preferences.
Change log for ARUBA_SWITCH
Date
Changes
2025-05-26
Enhancement:
- Added grok patterns to support new pattern of SYSLOG logs.
- event.idm.read_only_udm.security_result.action_details: Newly mapped `status` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.
- Changed `event_type` from `NETWORK_CONNECTION` to `STATUS_UPDATE` when target machine data is not available.
- Added support for new a new timestamp format.
- Added a grok pattern to support a new format for the description field.
- Modified the `if` condition for `user_id` raw_field.
- Removed the setting for `has_target` as `true` if there is no target machine data.
2024-11-14
Enhancement:
- Mapped "severity" to "security_result.severity".
2024-10-29
Enhancement:
- Modified grok pattern to parse "severity" and "amm" fields.
2024-10-16
Enhancement:
- Added support for new format of SYSLOG logs.
- Changed mapping of "userid" from "principal.user.userid" to "target.user.userid".
- Based on the log description, set "metadata.event_type" as "USER_LOGIN" or "USER_LOGOUT" or "NETWORK_CONNECTION".
- Based on the log description, set "security_result.action" as "ALLOW" or "BLOCK".
2024-09-17
Enhancement:
- Added support for a new pattern of SYSLOG logs.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["This change log details updates and enhancements made to the ARUBA_SWITCH parser over time."],["The parser has been enhanced to support new SYSLOG log formats and patterns as of 2024-09-17 and 2024-10-16."],["Modifications were made to field mappings, including \"severity,\" \"amm,\" and \"userid,\" improving data parsing accuracy."],["The parser now dynamically sets \"metadata.event_type\" and \"security_result.action\" based on the log description."],["The parser was initially created on 2024-04-18, serving as a foundation for subsequent changes and enhancements."]]],[]]
