Change log for A10_LOAD_BALANCER
Date | Changes |
---|---|
2024-12-27 | Enhancement:<br>- Added Grok patterns to parse unparsed logs.<br>- Added a KV block to parse the logs.<br>- Mapped "prin_host" to "principal.hostname" and "principal.asset.hostname".<br>- Mapped "app" to "target.application".<br>- Mapped "device_version" to "metadata.product_version".<br>- Mapped "device_vendor" to "metadata.vendor_name".<br>- Mapped "device_product" to "metadata.product_name".<br>- Mapped "event_name" and "device_event_class_id" to "metadata.product_event_type".<br>- Mapped "severity" to "security_result.severity".<br>- Mapped "src" to "principal.ip" and "principal.asset.ip".<br>- Mapped "spt" to "principal.port".<br>- Mapped "dst" to "target.ip" and "target.asset.ip".<br>- Mapped "dpt" to "target.port".<br>- Mapped "msg" to "metadata.description".<br>- Mapped "suser" to "principal.user.user_display_name".<br>- Mapped "act" and "cn1" to "additional.fields".<br>- Mapped "method" to "network.http.method".<br>- Mapped "app_proto" to "network.application_protocol".<br>- Mapped "tls_version" to "network.tls.version". |
2024-01-28 | - Newly created parser. |