Change log for CISCO_NX_OS
| Date | Changes |
|---|---|
| 2025-05-19 | Enhancement:
- Added a Grok pattern to parse `event.idm.read_only_udm.intermediary.hostname` UDM field correctly. - event.idm.read_only_udm.target.user.userid: Newly mapped `tar_user` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field. - event.idm.read_only_udm.principal.ip: Newly mapped `prin_ip` raw log field with `event.idm.read_only_udm.principal.ip` UDM field. |
| 2025-05-14 | Enhancement:
- Added a Grok pattern for "description" to parse important UDM field values. - `event.idm.read_only_udm.target.user.attribute.roles`: Newly mapped `roles` raw log field with `event.idm.read_only_udm.target.user.attribute.roles` UDM field - `event.idm.read_only_udm.principal.user.userid`: Newly mapped `userid` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field - `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.assets.ip`: Newly mapped `prin_ip` raw log field with `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.assets.ip` UDM field |
| 2025-04-14 | Enhancement:
- Added a Grok pattern in order to map the `GENERIC_EVENT` logs to proper `event_type`. - Added a Grok pattern to extract the `username` field from a new format of logs with SYSLOG format. |
| 2025-03-05 | Enhancement:
- Added support for SYSLOG logs. - Mapped "prod_event_type" to "metadata.product_event_type". |
| 2025-02-14 | Enhancement:
- Changed mapping of "device_ip" to "intermediary.hostname" and "intermediary.ip". - Removed mapping of "device_ip" to "target.ip". |
| 2025-02-07 | Enhancement:
- Added support for new pattern of syslog logs. |
| 2025-02-05 | Enhancement:
- Added a new Grok pattern to support new log formats. - Mapped "Hostname" to "intermediary.hostname". - Mapped "ip_1" to "intermediary.ip". |
| 2024-12-23 | Enhancement:
- Changed mapping of "device_ip" from "principal.ip". If "device_ip" is an IP address, it is mapped to "intermediary.ip". Otherwise, it is mapped to "intermediary.hostname". |
| 2023-09-05 | Enhancement:
- Added a new Grok pattern to support new log formats. |
| 2023-08-11 | Enhancement:
- Added support for logs containing "AAA_ACCOUNTING_MESSAGE". - Added new Grok pattern to support new log formats. - Reduced number of "GENERIC_EVENTS" by mapping "metadata.event_type" to a more specific enum value. |
| 2023-06-28 | - Added new Grok pattern to parse date.
|