Change log for INFOBLOX_DHCP
| Date | Changes |
|---|---|
| 2025-06-04 | Enhancement:
- event.idm.read_only_udm.intermediary.ip: Newly mapped `syslogHost` raw log field with `event.idm.read_only_udm.intermediary.ip` UDM field when eventType is `DHCPREQUEST`, `DHCPDISCOVER`, `DHCPEXPIRE`, `DHCPDECLINE`, `DHCPINFORM`, `DHCPNAK`, `DHCPRELEASE`. - event.idm.read_only_udm.network_dhcp.giaddr: Newly mapped `dhcpServerIp` raw log field with `event.idm.read_only_udm.network_dhcp.giaddr` UDM field when eventType is `DHCPDISCOVER`, `DHCPDECLINE`, `DHCPINFORM`, `DHCPNAK`, `DHCPRELEASE`. - event.idm.read_only_udm.network_dhcp.ciaddr: Newly mapped `clientIp` raw log field with `event.idm.read_only_udm.network_dhcp.ciaddr` UDM field when eventType is `DHCPEXPIRE`, `DHCPDECLINE`, `DHCPNAK`. - event.idm.read_only_udm.network_dhcp.chaddr: Newly mapped `clientMac` raw log field with `event.idm.read_only_udm.network_dhcp.chaddr` UDM field when eventType is `DHCPDECLINE`, `DHCPNAK`. - event.idm.read_only_udm.target.port: Newly mapped `targetport` raw log field with `event.idm.read_only_udm.target.port` UDM field when eventType is `reverse map`. |
| 2025-03-03 | Enhancement:
- event.idm.read_only_udm.intermediary.ip: Removed mapping of `syslogIp` from `event.idm.read_only_udm.intermediary.ip` UDM field. - event.idm.read_only_udm.principal.ip: Removed mapping of `syslogHost` from `event.idm.read_only_udm.principal.ip` UDM field. - event.idm.read_only_udm.principal.asset.ip: Removed mapping of `syslogHost` from `event.idm.read_only_udm.principal.asset.ip` UDM field. - event.idm.read_only_udm.target.ip: Newly mapped `syslogHost` raw log field with `event.idm.read_only_udm.target.ip` UDM field. - event.idm.read_only_udm.network.dhcp.ciaddr: Removed mapping of `clientIp` from `event.idm.read_only_udm.network.dhcp.ciaddr` UDM field. - event.idm.read_only_udm.principal.asset.hostname: Removed mapping of `clientHostname` from `event.idm.read_only_udm.principal.asset.hostname` UDM field. - event.idm.read_only_udm.intermediary.ip: Newly mapped of `dhcpServerIp` raw log field with `event.idm.read_only_udm.intermediary.ip` UDM field. - event.idm.read_only_udm.principal.asset.ip: Removed mapping of `clientIp` from `event.idm.read_only_udm.principal.asset.ip` UDM field. - event.idm.read_only_udm.observer.ip: Removed mapping of `clientIp` from `event.idm.read_only_udm.observer.ip` UDM field. |
| 2024-10-17 | Enhancement:
- Mapped "clientIp" to "network_dhcp.ciaddr" for DHCPOFFER and DHCPINFORM logs. |
| 2024-04-19 | Enhancement:
- Added conditional check for "dhcpServerIp". - Mapped "syslogIp" to "network_dhcp.ciaddr". |
| 2024-01-10 | - Mapped "status" to "additional.fields".
|
| 2023-04-26 | - Reverted a previous check-in as it was breaking DHCP aliasing
|
| 2022-08-05 | - Modified "event_type" from "GENERIC_EVENT" to "USER_RESOURCE_ACCESS" to reduce generic percentage.
|
| 2022-07-06 | Enhancement:
- Handled the dropped logs and mapped them to valid event_types. - Dropped logs had following eventType, which are now handled: "forward map", "Reverse", "Forward", "Removed", "Processed", "Dynamic", "Lease", "Unable", "reverse map", "bind", "map update", "parse_option_buffer", "Added","DDNS", "ICMP","update-security" ,"update","notify","general","LPF", "Sending". - Also, following "process" were dropped earlier are now handled: "netauto_discovery", "ntpd". - Other condition checks like "msg1" containing "DNS update latency|pool|syslog|declaration|write|Consortium|reserved|duplicate|leases|visit|disconnected" are handled. - Added new code block to handle "forward map" and "reverse map" and made them parse. - Changed event type from "GENERIC_EVENT" to "STATUS_UPDATE" wherever possible. |
| 2022-04-13 | Newly created default parser.
|