Change log for AWS_CLOUDFRONT
Date | Changes |
---|---|
2025-05-22 | Enhancement:
- Added support for new pattern of SYSLOG logs. |
2025-04-26 | Enhancement:
- Added support for new pattern of SYSLOG logs.
- Added support to handle the new format of logs.
- event.idm.read_only_udm.additional.fields: Newly mapped `avgrequestTime` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `htmlType` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `responseTime` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `securityKey` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.network.sent_bytes: Newly mapped `bytes` raw log field with `event.idm.read_only_udm.network.sent_bytes` UDM field.
- event.idm.read_only_udm.src.port: Newly mapped `srcport` raw log field with `event.idm.read_only_udm.src.port` UDM field.
- event.idm.read_only_udm.security_result.about.resource.name: Newly mapped `encryptionType` raw log field with `event.idm.read_only_udm.security_result.about.resource.name` UDM field.
- event.idm.read_only_udm.principal.hostname: Newly mapped `hostname` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field.
- event.idm.read_only_udm.src.ip: Newly mapped `scrip` raw log field with `event.idm.read_only_udm.src.ip` UDM field.
- event.idm.read_only_udm.target.ip: Newly mapped `targetip` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- event.idm.read_only_udm.target.asset.ip: Newly mapped `targetip` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field.
- event.idm.read_only_udm.network.tls.version: Newly mapped `tlsvVersion` raw log field with `event.idm.read_only_udm.network.tls.version` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `CloudFront-Is-Desktop-Viewer` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `CloudFront-Is-Mobile-Viewer` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `CloudFront-Is-SmartTV-Viewer` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `CloudFront-Is-Tablet-Viewer` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.network.http.user_agent: Newly mapped `vDetails` raw log field with `event.idm.read_only_udm.network.http.user_agent` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `x-envoy-expected-rq-timeout-ms` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `x-envoy-external-address` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `x-envoy-original-authority` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `x-f5-cdn-tls-ja3` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `x-f5-cdn-tls-ja4` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `x-forwarded-proto` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `xc-trusted-source` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `ipType` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.network.http.method: Newly mapped `method` raw log field with `event.idm.read_only_udm.network.http.method` UDM field.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `x-request-id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `version` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- event.idm.read_only_udm.network.http.response_code: Newly mapped `requestCode` raw log field with `event.idm.read_only_udm.network.http.response_code` UDM field.
- event.idm.read_only_udm.principal.ip: Newly mapped `ipAddress` raw log field with `event.idm.read_only_udm.principal.ip` UDM field. |
2025-04-25 | Enhancement:
- event.idm.read_only_udm.metadata.additional.fields: Newly mapped `uri_query` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- Modified the Grok pattern to correctly parse the `referral_url` raw log field with `event.idm.read_only_udm.network.http.referral_url` UDM field and `url` raw log field with `event.idm.read_only_udm.target.url` UDM field. |
2025-02-26 | Enhancement:
- Added support for new pattern of JSON logs.
- Mapped "Bucket" to "target.resource.name".
- Mapped "accountID" to "principal.user.userid".
- Mapped "file" to "target.file.full_path".
- Mapped "region" to "principal.location.country_or_region" and "principal.cloud.availability_zone".
- Mapped "msg" to "metadata.description".
- Mapped "service", "aggregation", "func", "requestID", "lpcltype", "lpclagg", "level" and "LoggingEnabled" to "additional.fields". |
2024-09-05 | Enhancement:
- Modified a Grok pattern to parse new pattern of logs. |
2024-05-27 | Enhancement:
- Added support for JSON format logs. |
2022-05-27 | Enhancement:
- Modified the value stored in metadata.product_name to 'AWS CloudFront' and metadata.vendor_name to 'AMAZON'. |