Change log for VERSA_FIREWALL
Date | Changes |
---|---|
2025-06-06 | Enhancement:<br>- Added a Grok pattern to support the new format of SYSLOG + KV logs.<br>- Mapped the `inter_hostname` raw log field to the `event.idm.read_only_udm.intermediary.hostname` UDM field.<br>- Fixed the code to handle the "network.ip_protocol" field.<br>- Added a conditional check "has_principal". If "has_principal" is true and any of "destinationIPv4Address", "remoteSite", "destinationIPv6Address", "clientIPv4Address" or "hostname" is not empty, then map "metadata.event_type" to "NETWORK_CONNECTION"; otherwise map "metadata.event_type" to "GENERIC_EVENT".<br>- Added a conditional check "msg2". If "msg2" is not empty, then map the log values; otherwise drop the log.<br>- Added a KV filter for "msg2" to filter out the data. |
2024-06-03 | Enhancement:<br>- Mapped "idpAction" to "security_result.action".<br>- Mapped "threatType" to "security_result.detection_fields".<br>- Mapped "ipsDirection" to "security_result.detection_fields".<br>- Mapped "ipsProfile" to "security_result.detection_fields".<br>- Mapped "signaturePriority" to "security_result.severity".<br>- Mapped "signatureMsg" to "security_result.detection_fields".<br>- Mapped "signatureId" to "security_result.detection_fields".<br>- Mapped "ipsApplication" to "security_result.detection_fields".<br>- Mapped "classMsg" to "security_result.description".<br>- Mapped "ipsProfileRule" to "security_result.rule_name".<br>- Mapped "ipsProtocol" to "network.ip_protocol". |
2023-07-03 | Enhancement: Added support for "entitlementLog", "monStatsLog", and "tcpAppMonLog". |
2022-11-04 | Enhancement: New parser created. |