Change log for MIKROTIK_ROUTER

Date Changes
2025-08-19 Enhancement:
- `event.idm.read_only_udm.metadata.product_version`: Newly mapped `version` raw log field to `event.idm.read_only_udm.metadata.product_version` UDM field.
- `event.idm.read_only_udm.target.hostname`: Newly mapped `dvchost` raw log field to `event.idm.read_only_udm.target.hostname` UDM field.
- `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `dvchost` raw log field to `event.idm.read_only_udm.target.asset.hostname` UDM field.
- `event.idm.read_only_udm.target.application`: Newly mapped `app` raw log field to `event.idm.read_only_udm.target.application` UDM field.
- `event.idm.read_only_udm.target.application`: Newly mapped `application_name` raw log field (from msg) to `event.idm.read_only_udm.target.application` UDM field.
- `event.idm.read_only_udm.target.user.userid`: Newly mapped `duser` raw log field to `event.idm.read_only_udm.target.user.userid` UDM field.
- `event.idm.read_only_udm.target.user.userid`: Newly mapped `username` raw log field (from msg) to `event.idm.read_only_udm.target.user.userid` UDM field.
- `event.idm.read_only_udm.principal.ip`: Newly mapped `src_ip` raw log field (from KV) to `event.idm.read_only_udm.principal.ip` UDM field.
- `event.idm.read_only_udm.principal.ip`: Newly mapped `srcip` raw log field (from msg) to `event.idm.read_only_udm.principal.ip` UDM field.
- `event.idm.read_only_udm.target.ip`: Newly mapped `dvc` raw log field to `event.idm.read_only_udm.target.ip` UDM field.
- `event.idm.read_only_udm.target.ip`: Newly mapped `dstip` raw log field (from msg) to `event.idm.read_only_udm.target.ip` UDM field.
- `event.idm.read_only_udm.target.ip`: Newly mapped `tar_ip` raw log field (from msg) to `event.idm.read_only_udm.target.ip` UDM field.
- `event.idm.read_only_udm.metadata.description`: Newly mapped `msg` raw log field to `event.idm.read_only_udm.metadata.description` UDM field.
- `event.idm.read_only_udm.network.dhcp.ciaddr`: Newly mapped `ciaddr` raw log field (from msg) to `event.idm.read_only_udm.network.dhcp.ciaddr` UDM field.
- `event.idm.read_only_udm.network.dhcp.chaddr`: Newly mapped `chaddr` raw log field (from msg) to `event.idm.read_only_udm.network.dhcp.chaddr` UDM field.
- `event.idm.read_only_udm.network.dhcp.client_hostname`: Newly mapped `dhcp_hostname` raw log field (from msg) to `event.idm.read_only_udm.network.dhcp.client_hostname` UDM field.
- `event.idm.read_only_udm.network.dhcp.yiaddr`: Newly mapped `yiaddr` raw log field (from msg) to `event.idm.read_only_udm.network.dhcp.yiaddr` UDM field.
- `event.idm.read_only_udm.principal.mac`: Newly mapped `smac` raw log field (from msg) to `event.idm.read_only_udm.principal.mac` UDM field.
- `event.idm.read_only_udm.network.dhcp.siaddr`: Newly mapped `siaddr` raw log field (from msg) to `event.idm.read_only_udm.network.dhcp.siaddr` UDM field.
- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `srcip` raw log field (from msg) to `event.idm.read_only_udm.principal.asset.ip` UDM field.
- `event.idm.read_only_udm.target.asset.ip`: Newly mapped `dstip` raw log field (from msg) to `event.idm.read_only_udm.target.asset.ip` UDM field.
- `event.idm.read_only_udm.network.dns.id`: Newly mapped `dns_id` raw log field (from msg) to `event.idm.read_only_udm.network.dns.id` UDM field.
- `event.idm.read_only_udm.network.dns.questions[0].name`: Newly mapped `question_name` raw log field (from msg) to `event.idm.read_only_udm.network.dns.questions[0].name` UDM field.
- `event.idm.read_only_udm.additional.fields`: Newly mapped `outcome` (key "Outcome"), `in` (key "in"), `out` (key "out"), `packet_mark` (key "packet_mark"), `connection_mark` (key "connection_mark"), `param_list` (key "param_list"), `max_dhcp_message_size` (key "max_dhcp_message_size"), `client_id` (key "client_id"), `action_id` (key "action_id"), `add_time` (key "add_time") raw log fields to `event.idm.read_only_udm.additional.fields` UDM field.
- `event.idm.read_only_udm.principal.port`: Renamed from `srcport` to `event.idm.read_only_udm.principal.port`.
- `event.idm.read_only_udm.target.port`: Renamed from `dstport` to `event.idm.read_only_udm.target.port`.
- Added grok patterns to parse msg field.
- `event.idm.read_only_udm.metadata.event_type`:
  - If msg contains "logged in", updated to USER_LOGIN.
  - If msg contains "logged out", updated to USER_LOGOUT.
  - If message contains "dns" and has_dns is "true", updated to NETWORK_DNS.
  - If message contains "dhcp" and has_dhcp is "true", updated to NETWORK_DHCP.
  - If has_target is "true" and not previously set, updated to NETWORK_CONNECTION.
- Added support for parsing CEF formatted logs.
- Added KV filter to parse key-value pairs from the kv_data field extracted from CEF.
- Added gsub to rename src to src_ip in kv_data before KV processing.
- Added gsub to rename dst to dst_ip in kv_data before KV processing.
2025-02-25 Enhancement:
- Added "gsub" to parse valid "client_mac" to "principal.mac".
2025-02-07 Enhancement:
- Changed "WORD" to "DATA" in the Grok pattern.
2025-01-21 Enhancement:
- Mapped "metadata.event_type" to "NETWORK_DHCP" for DHCP logs.
- Mapped "client_mac" to "principal.mac".
- When "details" has "assigned", then mapped "network.dhcp.type" to "ACK".
- When "details" has "deassigned", then mapped "network.dhcp.type" to "RELEASE".
- When "details" has "request", then mapped "network.dhcp.type" to "REQUEST".
- When "details" has "offer", then mapped "network.dhcp.type" to "OFFER".
2025-01-20 Enhancement:
- Modified the Grok pattern to parse "intermediary.hostname" data.
2024-12-18 Enhancement:
- Added support for new format of syslog logs.
2024-11-26 Enhancement:
- Modified the Grok pattern to remove "period" from the data.
- Mapped "server_name" to "target.hostname" and "target.asset.
2024-11-15 Enhancement:
- Mapped "action" to "security_result.action".
2024-09-30
- Changed mapping for "username" from "principal.user.userid", "src.user.userid" to "target.user.userid".
- For the login event, mapped "metadata.event_type" to "USER_LOGIN".
- For the logout event, mapped "metadata.event_type" to "USER_LOGOUT".
- Mapped "application" to "target.application".
- Mapped "bytes_in" to "network.received_bytes".
- Mapped "bytes_out" to "network.sent_bytes".
- Mapped "connection_time_in_seconds", "packets_in" and "packets_out" to "security_result.detection_fields".
2024-05-28 Newly created parser.