Change log for F5_VPN
Date
Changes
2024-10-23
Enhancement:
- Added support for KV format.
2024-05-20
Enhancement:
- Modified a Grok pattern to parse "principal.resource.name" correctly.
- Added a Grok pattern to parse "uid" and "sAmAccountName" and mapped them to "target.hostname".
- Mapped "Hostname" to "target.hostname" and "target.asset.hostname".
- Mapped "sess_id" to "network.session_id" for "SAML Agent" messages.
2024-03-05
Enhancement:
- Added a Grok pattern to parse syslog logs.
- Mapped "internal_ip" to "target.ip" and "target.asset.ip".
- Mapped "sess_id" to "network.session_id".
- Mapped "file_path" to "principal.resource.name".
- Mapped "useragent" to "network.http.user_agent".
- Mapped "User-Agent" and "useragent" to "network.http.parsed_user_agent".
- Mapped "username" to "target.user.userid".
- Mapped "sid" to "target.user.windows_sid".
- Mapped "bytes_out" to "network.sent_bytes".
- Mapped "bytes_in" to "network.received_bytes".
- Mapped "Platform" to "principal.platform".
- Mapped "Platform_Version" to "principal.platform_version".
- Mapped "Javascript_Support", "ActiveX_Support", "Plugin_Support", "Version", "Model", "CPU", "UI_Mode", "SP", "IDP", "to_rule_item", "from_rule_item", "policy_result", "rule", "resource", "ppp_id", "tunnel_resource", "server_vip_ip", "server_vip_name", and "Canonical_Info" to "additional.fields".
2022-07-22
Enhancement:
- Modified a Grok pattern to parse dates in "RFC 3339" format.
- Added "gsub" to remove "/" from "resource_id".
2022-07-08
Enhancement:
- Mapped "uri_path" to "target.url".
- Mapped "protocol" to "network.application_protocol".
- Mapped "method" to "network.http.method".
- Mapped "User-Agent" to "network.http.user_agent".
- Mapped "s_ip" to "src.ip".
- Mapped "t_ip" to "target.ip".
- Mapped "t_port" to "target.port".
- Mapped "s_nat_ip" to "target.nat_ip".
- Mapped "ip_protocol" to "network.ip_protocol".
- Mapped "descrip" to "security_result.description".
- Mapped "user" to "principal.user.userid".
- Mapped "command" to "target.process.command_line".
When "application" is equal to "logger":
- Mapped "cipher_name" to "network.tls.cipher".
- Mapped "tls_version" to "network.tls.version".
- Mapped "resource_id" to "target.resource.id".
- Mapped "src_ip" to "principal.ip".
- Mapped "url" to "network.http.referral_url".
- Mapped "status" to "network.http.response_code".
Last updated 2025-08-29 UTC.