Change log for SQUID_WEBPROXY
| Date | Changes |
|---|---|
| 2025-04-08 | Enhancement:
- Added a Grok pattern inorder to parse the logs with syslog format. - "event.idm.read_only_udm.additional.fields": Newly mapped "squid_instance", "tcp_tunnel", "hier_direct" raw log fields with "event.idm.read_only_udm.additional.fields" UDM field. - Added a condtion to check if "url" raw log field is not null before mapping with "event.idm.read_only_udm.target.url" UDM field. |
| 2025-03-26 | Enhancement:
- Added a Grok pattern to parse new format of syslog logs. - Mapped "user_agent" to "network.http.user_agent" and "network.http.parsed_user_agent". |
| 2025-02-27 | Enhancement:
- When "action" is "TCP_MISS" then mapped "ALLOW" to "security_result.action". |
| 2024-11-04 | Enhancement:
- Added support to map data from JSON logs. - Mapped "region" to "principal.cloud.availability_zone". - Mapped "source_type" to "additional.fields". |
| 2024-09-11 | Enhancement:
- Mapped "when" to "metadata.event_timestamp" as primary timestamp. |
| 2024-08-15 | Enhancement:
- Mapped "timestamp_value" to "metadata.event_timestamp". |
| 2024-04-03 | Enhancement:
- Mapped "user_agent" to "network.http.user_agent". - Mapped "recv_bytes" to "network.received_bytes". - Mapped "sent_bytes" to "network.sent_bytes". - Mapped "src_port" to "principal.port". - Aligned mappings for "principal.ip" and "principal.asset.ip". - Aligned mappings for "target.ip" and "target.asset.ip". - Aligned mappings for "target.hostname" and "target.asset.hostname". |
| 2022-10-30 | Enhancement, Bug-fix:
- Added a Grok pattern to parse dropped logs. - Added a Grok pattern to map the hostname of the Squid proxy server to "intermediary.hostname". |
| 2022-09-19 | Enhancement:
- Parsed syslog of type squid. - Mapped "insertId" to "metadata.product_log_id". - Mapped "logName" to "target.process.file.full_path". - Mapped "instance_id" to "additional.fields". - Mapped "project_id" to "additional.fields". - Mapped "zone" to "additional.fields". - Mapped "type" to "additional.fields". - Mapped "agent.ephemeral_id" to "additional.fields". - Mapped "agent.hostname" to "principal.hostname". - Mapped "agent.version" to "metadata.product_version". - Mapped "host.mac" to "principal.mac". - Mapped "host.ip" to "principal.ip". - Mapped "event_action" to "security_result.action_details". - Mapped "event_message" to "metadata.description". - Mapped "host.architecture" to "principal.asset.hardware". - Mapped "host.id" to "principal.asset.asset_id". - Mapped "host.os.version" to "principal.platform_version". - Mapped "host.os.kernel" to "principal.platform_patch_level". - Mapped "host.os.codename" to "additional.fields". - Mapped "syslog_severity" to "security_result.severity_details". - Mapped "syslog_severity_code" to "security_result.severity". - Mapped "host.os.platform" to "principal.platform". - Mapped "log.file.path" to "target.process.file.full_path". |