Change log for CISCO_IOS
| Date | Changes |
|---|---|
| 2025-04-24 | Enhancement:
- Added support to handle `event.idm.read_only_udm.metadata.event_timestamp` UDM field mapping by including timezone. |
| 2025-04-10 | Enhancement:
- Added a Grok patterns to parse a new format of SYSLOG logs. - event.idm.read_only_udm.metadata.event_timestamp: Added a new date pattern to map "ts" to "event.idm.read_only_udm.metadata.event_timestamp" UDM field. |
| 2025-03-18 | Enhancement:
- Added a grok pattern to parse a new format of syslog logs. |
| 2025-03-17 | Enhancement:
- Added a grok pattern to extract user name, and source port from the cisco_message field. - Mapped the extracted user name to principal.user.userid. - Based on existing mapping src_port will be mapped to principal.port. |
| 2025-03-14 | Enhancement:
- Added grok patterns to parse a new format of syslog logs. |
| 2025-03-12 | Enhancement:
- Added Grok patterns to parse new format of logs. - Mapped "tls_cipher" to "network.tls.cipher". - Mapped "tls_client" to "network.tls.client.supported_ciphers". - Mapped "Chassis_data" to "additional.fields". - Mapped "timezone" to "additional.fields". - Mapped "cisco_message" to "network.application_protocol". |
| 2025-03-11 | Enhancement:
- Added new Grok patterns to parse new format of syslogs. - Matched "date_time" to "ISO8601". - Mapped "metadata.event_type" to "USER_LOGIN" and "USER_LOGOUT" for successful authentication and logout events, respectively. - Mapped "extensions.auth.type" to "AUTHTYPE_UNSPECIFIED" |
| 2025-03-04 | Enhancement:
- Added support for a new format of (SYSLOG + KV) logs. - Mapped "type" to "metadata.product_event_type". - Mapped "client_mac" to "principal.mac" and "principal.asset.mac". - Mapped "sequence_id","vap", "band", "channel", "rssi", "aid" and "radio" to "additional.fields". |
| 2025-02-11 | Enhancement:
- Added support for a new syslog log format. |
| 2025-01-23 | Enhancement:
- Added support for a new syslog log format. |
| 2025-01-02 | Enhancement:
- Added support for a new syslog log format. |
| 2024-12-27 | Enhancement:
- Added support for a new syslog log format. |
| 2024-11-25 | Enhancement:
- Added a Grok pattern to parse new logs. - Mapped hostname in syslog header to "intermediary.hostname" from "target.hostname". |
| 2024-11-19 | Enhancement:
- Added support for a new format of syslog logs. |
| 2024-10-28 | Enhancement:
- Added a Grok pattern to parse new logs. |
| 2024-10-24 | Enhancement:
- Added a Grok pattern to parse new logs. |
| 2024-10-01 | Enhancement:
- Added a Grok pattern to parse new logs. |
| 2024-07-04 | Enhancement:
- Added support for a new pattern of syslog logs. |
| 2024-04-02 | Enhancement:
- Added a new Grok pattern to parse new log type. - Mapped the new fields to corresponding UDM fields. |
| 2023-10-04 | Enhancement:
- Added a new Grok pattern to parse new log type. - Mapped "source_facility" to "principal.hostname". |
| 2023-08-11 | Enhancement:
- Mapped "intermediary.ip" when message contains "HOST=". - Mapped "principal.user.userid" when message contains "User:". - Mapped "principal.process.command_line" when message contains "command:". - Mapped "target.user.userid" when message contains "username". - Mapped "metadata.event_type" to a more specific "metadata.event_type". |