Stay organized with collections
Save and categorize content based on your preferences.
Change log for FORGEROCK_OPENIDM
Date
Changes
2025-02-13
Enhancement:
- Added a new Grok pattern to parse new format logs.
- Mapped "elapsed_time" and "X-Content-Type-Options" to "additional.fields".
- When "Host" has "ip", then mapped "Host" to "principal.ip".
2025-01-24
Enhancement:
- Added support for syslog format logs.
2024-11-28
Enhancement:
- Added support for a new array format of the logs.
2024-06-15
Enhancement:
- Mapped "trackingIds.0" to "metadata.product_log_id".
- Mapped "principalData.0" to "principal.user.userid".
- Mapped "context.userRolesProperty", "context.authenticationId", and "context.authenticationIdProperty" to "principal.user.attribute.roles".
- Mapped "context.component", "context.moduleId", and "context.queryId" to "principal.resource.attribute.labels".
- Mapped "context.roles", "_normalized.fieldNames", and "_eventId" to "additional.fields".
- Removed "gsubs" to handle array values of "principalData" and "trackingIds".
- When "status" is nearly equal to "success", then set "security_result.action" to "ALLOW".
- When "status" is nearly equal to "fail", then set "security_result.action" to "BLOCK".
- Initialized "security_result" to null.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-13 UTC."],[[["The parser for FORGEROCK_OPENIDM has been enhanced to support various log formats, including syslog and a new array format."],["New mappings have been added to better organize log data, including mapping fields like \"elapsed_time\", \"X-Content-Type-Options\", \"trackingIds.0\", and others to relevant categories."],["The parser now features logic to determine security actions, setting \"security_result.action\" to \"ALLOW\" for \"success\" status and \"BLOCK\" for \"fail\" status."],["A new Grok pattern has been introduced to interpret newly formatted logs, improving the parsing capabilities."],["The parser has been created initially on the 2024-04-03."]]],[]]