Change log for BIND_DNS

Date Changes
2024-11-25 Bug-fix:
- Changed mapping of "client_string" from "principal.mac" to "security_result.detection_fields".
- Changed mapping of "tar_host" from "target.hostname" to "observer.hostname".
- Changed mapping of "response_ip" from "target.ip" to "observer.ip".
- Mapped "query" to "target.hostname".
2024-10-30 Enhancement:
- Mapped "mac_address" to "principal.mac" and "dns_record_type" to "security_result.detection_fields".
2024-07-08 Enhancement:
- Added new Grok patterns to parse unparsed fields in the log.
- Mapped "view" to "additional.fields".
- Mapped "domain_name" to "network.dns.questions.type".
- Mapped "src_host" to "principal.hostname".
2024-02-24 Enhancement:
- Added new Grok patterns to parse unparsed fields in the log.
- If "principal.hostname" is present, then mapped "metadata.event_type" to "STATUS_UPDATE".
- If "generic_message" is similar to "checkhints", then added a Grok pattern to extract "tar_host" and "response_ip".
- If "generic_message" is similar to "update" or "zone transfer", then added a Grok pattern to extract "tar_host" and "action".
- If "generic_message" is similar to "REFUSED unexpected RCODE", then added a Grok pattern to extract "tar_host", "src_ip", and "src_port".
- If "generic_message" is similar to "check_mk", then added a Grok pattern to extract "src_app", "src_ip", "src_port", "response_ip" and "response_port".
2024-01-30 Enhancement:
- Added a new Grok pattern to extract "query".
2023-12-20 Enhancement:
- Added new Grok patterns to parse new format logs.
- Mapped "pid" to "principal.process.pid".
- Mapped "response_ip_2" to "target.ip".
- If action value is similar to "denied" or "deny", mapped "security_result.action" to "BLOCK".
- If action value is similar to "allowed" or "allow", mapped "security_result.action" to "ALLOW".
2023-09-19 Enhancement:
- Added new Grok patterns to parse dropped logs.
2023-07-10 Enhancement:
- Added a new Grok pattern to handle syslog format logs.
2022-11-16 Enhancement:
- Added a new Grok pattern for failing query-error logs.
- Updated Grok patterns to parse logs that have additional data after the port number.
- Concatenated "query_int_1" and "query_int_2" to "query".
- Mapped "dns_resp_2" and "error_loc" to "description".
- Added conditions in "dhcp_qtype_mapping.include" to check for types TYPE0, TYPE65521, and TYPE65400 and converted them to integer values.
2022-04-22 Enhancement:
- Parsed logs that failed earlier.