Change log for INFOBLOX_DHCP
Date | Changes |
---|---|
2025-08-19 | Enhancement:
- Added a Grok pattern to parse the new log format.
- event.idm.read_only_udm.target.ip and event.idm.read_only_udm.target.asset.ip: Newly mapped `target_ip` raw log field with `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip` UDM fields.
- event.idm.read_only_udm.target.hostname and event.idm.read_only_udm.target.asset.hostname: Newly mapped `target_host` raw log field with `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname` UDM fields.
- event.idm.read_only_udm.target.mac: Newly mapped `target_mac` raw log field with `event.idm.read_only_udm.target.mac` UDM field.
- event.idm.read_only_udm.observer.ip and event.idm.read_only_udm.observer.hostname: If the `observerdata` raw log field holds an IP value, it is mapped with the `event.idm.read_only_udm.observer.ip` UDM field; otherwise `observerdata` is mapped with the `event.idm.read_only_udm.observer.hostname` UDM field.
- Declared `principal_port` as null in statedata.
- Added a condition check that sets `network_dhcp.type` to `ACK` when `clientMac` is not empty.
- Added a Grok pattern to parse `clientMac` properly.
- Added a condition check that sets `event_type` to `NETWORK_DHCP` when `clientMac` is not empty or `clientIp` is not empty or `dhcpServerIp` is not empty.
- Added a condition check that sets `event_type` to `STATUS_UPDATE` when `clientHostname` is not empty or `clientIp` is not empty. |
2025-07-18 | Enhancement:
- Added Grok patterns to parse the new log format.
- event.idm.read_only_udm.network_dhcp.client_hostname: Newly mapped `clientHostname` raw log field with `event.idm.read_only_udm.network_dhcp.client_hostname` UDM field when `eventType` is `DHCPREQUEST`, `REQUEST`, `r-l-e` or `BOOTREQUEST`.
- event.idm.read_only_udm.network_dhcp.ciaddr: Newly mapped `clientIp` raw log field with `event.idm.read_only_udm.network_dhcp.ciaddr` UDM field when `eventType` is `DHCPACK` or `DHCPOFFER`.
- event.idm.read_only_udm.principal.hostname, event.idm.read_only_udm.principal.asset.hostname, event.idm.read_only_udm.network_dhcp.client_hostname: Newly mapped `clientHostname` raw log field with `event.idm.read_only_udm.principal.hostname`, `event.idm.read_only_udm.principal.asset.hostname` and `event.idm.read_only_udm.network_dhcp.client_hostname` UDM fields when `eventType` is `DHCPDISCOVER`, `DHCPDECLINE` or `DISCOVER`.
- event.idm.read_only_udm.observer.ip: Newly mapped `observer_ip` raw log field with `event.idm.read_only_udm.observer.ip` UDM field when `eventType` is `reverse map`, `forward map`, `Forward map` or `Reverse map`. |
2025-06-04 | Enhancement:
- event.idm.read_only_udm.intermediary.ip: Newly mapped `syslogHost` raw log field with `event.idm.read_only_udm.intermediary.ip` UDM field when `eventType` is `DHCPREQUEST`, `DHCPDISCOVER`, `DHCPEXPIRE`, `DHCPDECLINE`, `DHCPINFORM`, `DHCPNAK`, `DHCPRELEASE`.
- event.idm.read_only_udm.network_dhcp.giaddr: Newly mapped `dhcpServerIp` raw log field with `event.idm.read_only_udm.network_dhcp.giaddr` UDM field when `eventType` is `DHCPDISCOVER`, `DHCPDECLINE`, `DHCPINFORM`, `DHCPNAK`, `DHCPRELEASE`.
- event.idm.read_only_udm.network_dhcp.ciaddr: Newly mapped `clientIp` raw log field with `event.idm.read_only_udm.network_dhcp.ciaddr` UDM field when `eventType` is `DHCPEXPIRE`, `DHCPDECLINE`, `DHCPNAK`.
- event.idm.read_only_udm.network_dhcp.chaddr: Newly mapped `clientMac` raw log field with `event.idm.read_only_udm.network_dhcp.chaddr` UDM field when `eventType` is `DHCPDECLINE`, `DHCPNAK`.
- event.idm.read_only_udm.target.port: Newly mapped `targetport` raw log field with `event.idm.read_only_udm.target.port` UDM field when `eventType` is `reverse map`. |
2025-03-03 | Enhancement:
- event.idm.read_only_udm.intermediary.ip: Removed mapping of `syslogIp` from `event.idm.read_only_udm.intermediary.ip` UDM field.
- event.idm.read_only_udm.principal.ip: Removed mapping of `syslogHost` from `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Removed mapping of `syslogHost` from `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.target.ip: Newly mapped `syslogHost` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- event.idm.read_only_udm.network.dhcp.ciaddr: Removed mapping of `clientIp` from `event.idm.read_only_udm.network.dhcp.ciaddr` UDM field.
- event.idm.read_only_udm.principal.asset.hostname: Removed mapping of `clientHostname` from `event.idm.read_only_udm.principal.asset.hostname` UDM field.
- event.idm.read_only_udm.intermediary.ip: Newly mapped `dhcpServerIp` raw log field with `event.idm.read_only_udm.intermediary.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Removed mapping of `clientIp` from `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.observer.ip: Removed mapping of `clientIp` from `event.idm.read_only_udm.observer.ip` UDM field. |
2024-10-17 | Enhancement:
- Mapped "clientIp" to "network_dhcp.ciaddr" for DHCPOFFER and DHCPINFORM logs. |
2024-04-19 | Enhancement:
- Added conditional check for "dhcpServerIp".
- Mapped "syslogIp" to "network_dhcp.ciaddr". |
2024-01-10 | - Mapped "status" to "additional.fields". |
2023-04-26 | - Reverted a previous check-in as it was breaking DHCP aliasing. |
2022-08-05 | - Modified "event_type" from "GENERIC_EVENT" to "USER_RESOURCE_ACCESS" to reduce generic percentage. |
2022-07-06 | Enhancement:
- Handled the dropped logs and mapped them to valid event_types.
- Dropped logs had the following eventType values, which are now handled: "forward map", "Reverse", "Forward", "Removed", "Processed", "Dynamic", "Lease", "Unable", "reverse map", "bind", "map update", "parse_option_buffer", "Added", "DDNS", "ICMP", "update-security", "update", "notify", "general", "LPF", "Sending".
- Also, the following "process" values, which were dropped earlier, are now handled: "netauto_discovery", "ntpd".
- Other condition checks, like "msg1" containing "DNS update latency|pool|syslog|declaration|write|Consortium|reserved|duplicate|leases|visit|disconnected", are handled.
- Added a new code block to handle "forward map" and "reverse map" so that they are parsed.
- Changed event type from "GENERIC_EVENT" to "STATUS_UPDATE" wherever possible. |
2022-04-13 | Newly created default parser. |