Change log for HAPROXY
Date | Changes |
---|---|
2025-07-30 | Enhancement:<br>- Added a Grok pattern to parse a new pattern of logs.<br>- Added a KV filter block to parse the `kv_data` field, splitting keys and values.<br>- `event.idm.read_only_udm.principal.ip`: Newly mapped `source_ip` raw log field to `event.idm.read_only_udm.principal.ip` UDM field.<br>- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `source_ip` raw log field to `event.idm.read_only_udm.principal.asset.ip` UDM field.<br>- `event.idm.read_only_udm.principal.port`: Newly mapped `source_port` raw log field to `event.idm.read_only_udm.principal.port` UDM field.<br>- `event.idm.read_only_udm.network.http.response_code`: Newly mapped `status_code` raw log field to `event.idm.read_only_udm.network.http.response_code` UDM field.<br>- `event.idm.read_only_udm.network.received_bytes`: Newly mapped `bytes` raw log field to `event.idm.read_only_udm.network.received_bytes` UDM field.<br>- `event.idm.read_only_udm.intermediary.ip`: Newly mapped `inter_ip` (from header_host) raw log field to `event.idm.read_only_udm.intermediary.ip` UDM field.<br>- `event.idm.read_only_udm.intermediary.port`: Newly mapped `inter_port` (from header_host) raw log field to `event.idm.read_only_udm.intermediary.port` UDM field.<br>- `event.idm.read_only_udm.target.ip`: Newly mapped `destination_ip` raw log field to `event.idm.read_only_udm.target.ip` UDM field.<br>- `event.idm.read_only_udm.target.asset.ip`: Newly mapped `destination_ip` raw log field to `event.idm.read_only_udm.target.asset.ip` UDM field.<br>- `event.idm.read_only_udm.target.port`: Newly mapped `destination_port` raw log field to `event.idm.read_only_udm.target.port` UDM field.<br>- `event.idm.read_only_udm.network.http.referral_url`: Newly mapped `referer` raw log field to `event.idm.read_only_udm.network.http.referral_url` UDM field.<br>- `event.idm.read_only_udm.network.http.user_agent`: Newly mapped `user_agent` raw log field to `event.idm.read_only_udm.network.http.user_agent` UDM field.<br>- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `time_stamp` raw log field to `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `x_forwarded_for` raw log field to `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `content_length` raw log field to `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `datetime` raw log field to `event.idm.read_only_udm.metadata.event_timestamp` UDM field. |
2024-08-23 | Enhancement:<br>- Added support for a new pattern of syslog logs. |
2023-09-25 | Enhancement:<br>- Added new Grok patterns to parse a new type of logs.<br>- Mapped "http_version" to "metadata.product_version".<br>- Mapped "user_name" to "target.user.userid".<br>- Mapped "process_name" to "target.application".<br>- Mapped "severity" to "security_result.severity".<br>- Mapped "msg" to "security_result.summary".<br>- Added new conditions for new log types and their severity. |
2023-05-08 | - Added a new Grok pattern to parse a new type of logs. |
2022-10-20 | Newly created parser. |