Change log for F5_DNS
| Date | Changes |
|---|---|
| 2025-05-19 | Enhancement:
- Added support for new pattern of SYSLOG + KV logs by adding a Grok pattern followed by a kv filter. - event.idm.read_only_udm.principal.user.userid: Newly mapped `user` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field and set `has_user` to `true`. - event.idm.read_only_udm.principal.ip & event.idm.read_only_udm.principal.asset.ip: Newly mapped `host` raw log field with `event.idm.read_only_udm.principal.ip` & `event.idm.read_only_udm.principal.asset.ip` UDM fields and set `has_principal` to `true`. - event.idm.read_only_udm.additional.fields: Newly mapped `partition`, `level`, `attempts`, `tty`, `start` and `end` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field. - event.idm.read_only_udm.metadata.event_type: Set `event.idm.read_only_udm.metadata.event_type` to: `USER_UNCATEGORIZED` if `has_user` is `true`, else `STATUS_UPDATE` if `has_principal` is `true`. - Added null checks for `data12`, `action`, `desc_scriptd` and `file_path` fields before mapping their concatenation with `event.idm.read_only_udm.security_result.description` UDM field. - Added a gsub block to parse logs where `application` is `httpd` and `msg3` is not null. |
| 2025-04-17 | Enhancement:
- event.idm.read_only_udm.metadata.event_timestamp: Newly mapped `datetime` field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. |
| 2025-01-30 | Enhancement:
- Added support to parse logs with "httpd" application. |