Change log for OCI_AUDIT
Date | Changes |
---|---|
2025-03-21 | Enhancement:<br>- Mapped "data.backendAddr" to "target.ip", "target.asset.ip", and "target.port".<br>- Mapped "data.clientAddr" to "principal.ip", "principal.asset.ip", and "principal.port".<br>- Mapped "data.forwardedForAddr" to "principal.ip" and "principal.asset.ip".<br>- Mapped "data.host" to "principal.hostname" and "principal.asset.hostname".<br>- Mapped "data.backendConnectTime", "data.backendProcessingTime", "data.listenerName", "data.requestProcessingTime", "data.routingRulesEngineErrors", "data.routingRulesMatchedRule", "data.routingRulesRuleHits", "oracle.loggroupid", "oracle.logid", "oracle.resourceid", "source" and "data.routingRulesRuleMisses" to "additional.fields".<br>- Mapped "data.backendStatusCode" to "network.http.response_code".<br>- Mapped "data.receivedBytes" to "network.received_bytes".<br>- Mapped "data.sentBytes" to "network.sent_bytes".<br>- Mapped "data.sslCipher" to "network.tls.cipher".<br>- Mapped "data.sslProtocol" to "network.tls.version".<br>- Mapped "data.userAgent" to "network.http.user_agent". |
2025-01-30 | Enhancement:<br>- Added support for a new pattern of JSON logs. |
2024-11-22 | Enhancement:<br>- Mapped "data.request.headers.oci-original-url.0" to "principal.url".<br>- Mapped "originalConnection.destinationIp" to "target.ip" and "target.asset.ip".<br>- Mapped "originalConnection.destinationPort" to "target.port".<br>- Mapped "originalConnection.sourcePort" to "principal.port".<br>- Mapped "originalConnection.protocol" to "network.application_protocol". |
2024-10-24 | Enhancement:<br>- Added support to handle JSON logs. |
2024-06-14 | Enhancement:<br>- If "has_principal_user", "has_target_user", or "has_target" is "true", then set "metadata.event_type" to "USER_UNCATEGORIZED". |
2023-09-29 | Bug-Fix:<br>- Added a Grok pattern before mapping "data.identity.ipAddress" to UDM fields.<br>- Mapped "ip1" to "principal.ip".<br>- Mapped "ip2" to "principal.ip". |
2023-05-23 | Newly created parser. |