Change log for VMWARE_ESX

Date Changes
2025-04-21 Enhancement:
- Added Grok patterns to parse the unparsed raw logs.
- Added "has_principal" flag for "principal_hostname","iporhost","fields.host","host.hostname" raw log fields.
- Added "has_principal_ip" flag for "host.ip","syslog_ip" raw log fields.
- Added "has_target" flag for "syslog_host" raw log field.
- Changes made in "vmware_esx_named_dns.include" file:
- Added a "has_principal_value" flag as a conditional check before drop condition.
- Changes made in "vmware_esx_rhttpproxy.include" file:
- Added a Grok pattern to parse the unparsed raw logs.
- Changes made in "vmware_esx_vpxa.include" file:
- Added a Grok pattern to parse the unparsed raw logs.
- Added a separate mutate block for "sub","task_service","op_id","application","iporhost" raw log fields.
- Added "has_principal_ip_value", "has_principal_value", "has_principal_host" and "has_target_ip", "has_target", "has_target_process" flags before mapping "PROCESS_LAUNCH" event type.
- Added "has_principal_ip_value", "has_principal_value" flags before mapping "STATUS_UPDATE" event type.
2025-04-01 Enhancement:
- Updated changelog.txt file.
2025-03-12 Enhancement:
- Added Grok patterns to parse login and logout events.
- Mapped "op_id" to "metadata.product_log_id".
- Mapped "sid" to "network.session_id".
- Mapped "target_username" to "target.user.userid".
- Set "metadata.event_type" to "USER_LOGIN" and "USER_LOGOUT" for successful "logged in" and "log out" events respectively.
- Mapped "iporhost" to "principal.hostname".
- Mapped "dst_tar_ip" to "target.ip" and "target.asset.ip".
- Mapped "iporhost" to "principal.hostname" and "principal.asset.hostname".
2025-02-11 Enhancement:
- Added Grok patterns to parse "login/logout" events correctly.
2024-07-01 Enhancement:
- Added support for a new pattern of Syslog logs.
2024-06-11 Enhancement:
- Added support for a new pattern of Syslog logs.
2024-06-03 Enhancement:
- Added support for a new pattern of JSON logs.
2024-05-09 Enhancement:
- Added support for a new pattern of "snmpd" and "Rhttpproxy" logs.
- Mapped "prod_event_type" to "metadata.product_event_type".
- Mapped "context" to "additional.fields".
2024-02-07 Bug-Fix:
- Added new Grok patterns to support the SYSLOG logs which are getting dropped.
- Mapped "newVersion" and "filter" to "security_result.detection_fields".
- Mapped "description" to "security_result.description".
2023-10-10 Enhancement:
- Modified the following JSON key names using the gsub function:
  - "service" to "serv".
  - "event" to "log_event".
  - "@timestamp" to "timestamp".
  - "@version" to "version".
- Added new Grok patterns to handle the JSON logs with new fields.
- Matched the "timestamp" to "RFC 3339" and "TIMESTAMP_ISO8601" formats.
- Mapped "host.hostname" to "principal.hostname".
- Mapped "host.ip" to "principal.ip".
- Mapped "type", "serv.type", "log.syslog.facility.code", "log.syslog.facility.name", "log.syslog.severity.code", "log.syslog.severity.name", and "log.syslog.priority" to "additional.fields".
- Mapped "process.name" to "service".
- Mapped "version" to "metadata.product_version".
- Mapped "severity" to "security_result.severity".
2023-09-25 Enhancement:
- Added new Grok patterns to handle the new type of SYSLOG for VMware ESXi.
- Mapped "app_name" to "principal.application".
- Mapped "severity" to "security_result.severity".
2023-07-17 Bug_fix - Mapped "username" to "target.user.userid".
Mapped "pid" to "principal.process.pid".
Mapped "description" to "metadata.description".
2023-06-12 Bug_fix - Modified mapping of "session" for type "vmauthd". Mapped it to "network.session_id".
2022-09-01 Bug_fix - Unmapped principal.namespace from its hardcoded value.
2022-08-24 Enhancement - Added new date type to parse dates of format "yyyy-MM-ddTHH:mm:s".
2022-08-03 Enhancement - Added the grok patterns to handle the logs with service: hostd, vmon and vrops.
2022-07-26 Enhancement -
Where "service" is equal to "Rhttpproxy"
- Modified mapping for "principal.namespace".
- Mapped "namespace" to "additional.fields".
Where "service" is equal to "crond"
- Mapped "parent_pid" to "target.process.parent_process.pid".
2022-07-05 Bugfix - Updated the parser to match the timestamp in "yyyy-MM-ddTHH:mm:ss.SSSS" format.
2022-06-13 Enhancement - Modified/Added the grok patterns to handle the logs with service: hostd, sendmail, sshd, sudo, vmcad, vmon, vpxd, vrops.
Bugfix - Modified "metadata.event_type" for 'vmauthd' logs from "USER_LOGIN" to "GENERIC_EVENT".
2022-05-02 Bugfix - As per the user requirement, target.hostname mapping changed to principal.ip for the logs which have service as "Hostd".
2022-04-13 Enhancement - Parsed the logs having the following service names: hostd-probe, vmkernel, vmkwarning, Fdm, netcpa, root, hpHelper, snmpd, etc.
Mapped logstash.ingest.timestamp to metadata.ingested_timestamp,
logstash.ingest.host and logstash.process.host to intermediary.hostname,
logstash.collect.host to observer.hostname.