Change log for CISCO_ROUTER
| Date | Changes |
|---|---|
| 2024-10-15 | Enhancement: mapped "inter_hostname" to "intermediary.ip" and "intermediary_host" to "intermediary.hostname". |
| 2024-09-12 | Enhancement: added a Grok pattern to map "int_ip" to "intermediary.hostname". |
| 2024-06-26 | Enhancement: added a new Grok pattern to parse a new format of SYSLOG logs. |
| 2024-06-09 | Enhancement: mapped "hostname" from the syslog header to "intermediary.hostname". |
| 2024-05-20 | Enhancement: added a new Grok pattern to parse a new format of SYSLOG logs; mapped "MessageSourceAddress" to "principal.ip" and "principal.asset.ip"; mapped "SourceModuleName" and "SourceModuleType" to "principal.resource.attribute.labels". |
| 2023-11-10 | Enhancement: added new Grok patterns to parse failing SYSLOG logs; added "Unable", "exceeded", and "No space left on device" conditions for "AUTH_VIOLATION". |
| 2023-10-30 | Enhancement: added new Grok patterns to parse failing syslog logs; mapped "resourcename" to "principal.resource.name"; mapped "app_protocol" to "network.application.protocol"; mapped "app" to "target.application"; mapped "source_port" to "principal.port"; mapped "source_ip" to "principal.ip"; mapped "device_ip" to "target.ip"; mapped "username" to "target.user.userid"; mapped "intermediary_ip" to "intermediary.ip"; mapped "mnemonics" to "metadata.event_type"; mapped "sec_action" to "security_result.action"; mapped "sec_category" to "security_result.category"; mapped "sec_summary" to "security_result.summary"; for authentication type logs, set "metadata.event_type" to "USER_LOGIN". |
| 2023-05-09 | Enhancement: logs with value "FMANFP-6-IPACCESSLOGP" are parsed as "NETWORK_CONNECTION" events. |
| 2022-12-02 | Enhancement: added Grok to support unparsed Syslog logs; if "principal.hostname" is present, changed the event_type mapping from GENERIC_EVENT to STATUS_UPDATE. |
| 2022-11-10 | Enhancement: added support for SYS-5-CONFIG_I event logs; modified Grok to support logs that carry a timezone. |
| 2022-10-27 | Enhancement: parsed the following syslog fields of log type IOSXE-6-PLATFORM: mapped "ip" to "intermediary.ip"; mapped "src_ip" to "principal.ip"; mapped "src_port" to "principal.port"; mapped "dst_ip" to "target.ip"; mapped "dst_port" to "target.port"; mapped "protocol" to "network.ip_protocol"; mapped "facility" to "principal.resource.type"; mapped "mnemonics" to "metadata.product_event_type"; mapped "sc_summary" to "metadata.description"; mapped "sr_action" to "security_result.action"; mapped "summary" to "security_result.summary". |
| 2022-08-23 | Enhancement: corrected the mapping of principal and target IP; mapped "target_ip" to "event.idm.read_only_udm.target.ip"; mapped "src_ip" to "event.idm.read_only_udm.principal.asset.ip". |
| 2022-07-01 | Enhancement: fixed an error parsing logs whose product_event_type is SYS-3-LOGGINGHOST_FAIL, SEC_LOGIN-5-LOGIN_SUCCESS, SYS-6-LOGGINGHOST_STARTSTOP or SYS-6-LOGOUT and whose timestamp is absent; changed metadata.event_type of SYS-3-LOGGINGHOST_FAIL logs from GENERIC_EVENT to STATUS_UPDATE. |
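As an added illustration that is not part of this change log or the CISCO_ROUTER parser itself, the Python sketch below applies a few of the mappings listed above (syslog-header hostname to intermediary.hostname, facility and mnemonic, the USER_LOGIN rule for authentication logs, and the STATUS_UPDATE rule for SYS-3-LOGGINGHOST_FAIL) to constructed Cisco IOS syslog lines, including one with no timestamp. The regexes, sample lines and the to_udm function are assumptions written for this sketch, not the parser's own Grok patterns.

```python
import re

# Constructed sample lines (not from the page); Cisco IOS "%FACILITY-SEVERITY-MNEMONIC: text" bodies.
SAMPLE_LOGS = [
    "<189>Oct 15 10:01:02 edge-rtr1 105: *Oct 15 10:01:02.123: %SEC_LOGIN-5-LOGIN_SUCCESS: "
    "Login Success [user: admin] [Source: 10.1.2.3] [localport: 22] at 10:01:02 UTC Tue Oct 15 2024",
    # Timestamp deliberately absent: the case the 2022-07-01 entry fixed.
    "<187>edge-rtr1 106: %SYS-3-LOGGINGHOST_FAIL: Logging to host 10.9.9.9 failed",
    "<189>Oct 15 10:06:00 edge-rtr1 107: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.2.3)",
]

# Syslog header (optional PRI and timestamp), optional sequence number and IOS-local timestamp,
# then the Cisco message tag. Hypothetical pattern, written for the constructed lines above.
HEADER_RE = re.compile(
    r"^(?:<\d+>)?(?:(?P<ts>[A-Z][a-z]{2}\s+\d+\s[\d:]+)\s)?(?P<hostname>\S+)\s"
    r"(?:\d+:\s)?(?:\*?[A-Z][a-z]{2}\s+\d+\s[\d:.]+:\s)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s(?P<msg>.*)$"
)
LOGIN_RE = re.compile(r"\[user:\s(?P<username>[^\]]+)\]\s\[Source:\s(?P<source_ip>[\d.]+)\]")


def to_udm(line: str) -> dict:
    """Map one line to the UDM fields named in the change log; unparsed lines get GENERIC_EVENT only."""
    m = HEADER_RE.match(line)
    if not m:
        return {"metadata.event_type": "GENERIC_EVENT", "metadata.description": line}
    udm = {
        "intermediary.hostname": m["hostname"],        # syslog header hostname (2024-06-09 entry)
        "principal.resource.type": m["facility"],      # "facility" (2022-10-27 entry)
        "metadata.product_event_type": f"{m['facility']}-{m['severity']}-{m['mnemonic']}",
        "metadata.event_type": "GENERIC_EVENT",        # default until a rule below applies
    }
    login = LOGIN_RE.search(m["msg"])
    if m["facility"] == "SEC_LOGIN" and login:
        udm["target.user.userid"] = login["username"]  # "username" (2023-10-30 entry)
        udm["principal.ip"] = login["source_ip"]       # "source_ip" (2023-10-30 entry)
        udm["metadata.event_type"] = "USER_LOGIN"      # authentication logs (2023-10-30 entry)
    elif udm["metadata.product_event_type"] == "SYS-3-LOGGINGHOST_FAIL":
        udm["metadata.event_type"] = "STATUS_UPDATE"   # 2022-07-01 entry
    return udm


if __name__ == "__main__":
    for raw in SAMPLE_LOGS:
        print(to_udm(raw))
```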