Change log for CISCO_ROUTER

Date Changes
2024-12-12 Enhancement:
- Mapped "intermediary_host" to "intermediary.hostname".
2024-12-05 Enhancement:
- Added a Grok pattern to support new pattern of syslog logs.
- Mapped "srcip" to "principal.ip".
2024-10-30 Enhancement:
- Added support for "metadata.event_timestamp" in "BST" timezone.
2024-10-15 Enhancement:
- Mapped "inter_hostname" to "intermediary.ip" and "intermediary_host" to "intermediary.hostname".
2024-09-12 Enhancement:
- Added a Grok pattern to map "int_ip" to "intermediary.hostname".
2024-06-26 Enhancement:
- Added a new Grok pattern to parse a new format of SYSLOG logs.
2024-06-09 Enhancement:
- Mapped "hostname" from syslog header to "intermediary.hostname".
2024-05-20 Enhancement:
- Added a new Grok pattern to parse a new format of SYSLOG logs.
- Mapped "MessageSourceAddress" to "principal.ip" and "principal.asset.ip".
- Mapped "SourceModuleName" and "SourceModuleType" to "principal.resource.attribute.labels".
2023-11-10 Enhancement:
- Added new Grok patterns to parse failing SYSLOG logs.
- Added "Unable", "exceeded", and "No space left on device" conditions for "AUTH_VIOLATION".
2023-10-30 Enhancement:
- Added new Grok patterns to parse failing syslog logs.
- Mapped "resourcename" to "principal.resource.name".
- Mapped "app_protocol" to "network.application.protocol".
- Mapped "app" to "target.application".
- Mapped "source_port" to "principal.port".
- Mapped "source_ip" to "principal.ip".
- Mapped "device_ip" to "target.ip".
- Mapped "username" to "target.user.userid".
- Mapped "intermediary_ip" to "intermediary.ip".
- Mapped "mnemonics" to "metadata.event_type".
- Mapped "sec_action" to "security_result.action".
- Mapped "sec_category" "security_result.category".
- Mapped "sec_summary" to "security_result.summary".
- For authentication type logs, set "metadata.event_type" to "USER_LOGIN".
2023-05-09 Enhancement-
- Logs with value "FMANFP-6-IPACCESSLOGP" are parsed as "NETWORK_CONNECTION" events.
2022-12-02 Enhancement-
- Added grok to support unparsed Syslog logs.
- If "principal.hostname" changed event_type mapping from GENERIC_EVENT to STATUS_UPDATE.
2022-11-10 Enhancement-
- Added support for SYS-5-CONFIG_I event logs.
- Modified grok to support logs having timezone.
2022-10-27 Enhancement-
Parse following syslog fields of log type IOSXE-6-PLATFORM
-Mapped "ip" to "intermediary.ip"
-Mapped "src_ip" to "principal.ip"
-Mapped "src_port" to "principal.port"
-Mapped "dst_ip" to "target.ip"
-Mapped "dst_port" to "target.port"
-Mapped "protocol" to "network.ip_protocol"
-Mapped "facility" to "principal.resource.type"
-Mapped "mnemonics" to "metadata.product_event_type"
-Mapped "sc_summary" to "metadata.description"
-Mapped "sr_action" to "security_result.action"
-Mapped "summary" to "security_result.summary"
2022-08-23 Enhancement-
-Corrected mapping of principal and target ip
-Mapped "target_ip" to "event.idm.read_only_udm.target.ip"
-Mapped "src_ip" to "event.idm.read_only_udm.principal.asset.ip"
2022-07-01 Enhancement-
Fixed an error to parse logs containing product_event_type as SYS-3-LOGGINGHOST_FAIL,SEC_LOGIN-5-LOGIN_SUCCESS,SYS-6-LOGGINGHOST_STARTSTOP,SYS-6-LOGOUT and timestamp is not present.
Changed metadata.event_type of SYS-3-LOGGINGHOST_FAIL logs to STATUS_UPDATE from GENERIC_EVENT