Change log for CISCO_SWITCH
Date | Changes |
---|---|
2023-04-27 | Enhancement:<br>- Reduced the percentage of events mapped to the generic event type.<br>- Removed unnecessary Grok patterns.<br>- Added a Grok pattern to parse syslog logs.<br>- Added a conditional check for "source_ip" and "destination_ip".<br>- If both "source_ip" and "destination_ip" are present, "event_type" is mapped to "NETWORK_CONNECTION".<br>- If "source_ip" is present and "destination_ip" is not, "event_type" is mapped to "STATUS_UPDATE".<br>- Mapped "pid" to "target.process.pid".<br>- Mapped "app_name" to "target.application". |
2023-03-24 | Customer Issue:<br>- Added a Grok pattern and mapping for logs whose message type is "FILECPY", "REJECT", "CONNECT", or "DISCONNECT". |
2023-01-24 | Enhancement:<br>- Modified Grok patterns to support logs that carry a timezone.<br>- Mapped "ip_address" to "principal.ip".<br>- When "mnemonic" is "NBR_RESET" and "ip_address" is present, "metadata.event_type" is set to "STATUS_UPDATE". |
2022-07-21 | Enhancement:<br>- Added a Grok pattern and enhanced the parser to handle logs that were being dropped (logs without "%<br>- Mapped "hostname" to "principal.hostname".<br>- Mapped "source_ip" to "principal.ip".<br>- Mapped "destination_ip" to "target.ip".<br>- Mapped "ip_protocol" to "network.ip_protocol".<br>- Mapped "summary" to "security_result.summary".<br>- Mapped "header_data" to "metadata.product_log_id". |
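The field and event-type mappings listed across these entries, collected into one function as an added example (not the parser's own code) that a detection engineer could use as an oracle when checking parser output; it assumes the Grok stage has already produced a flat dict of the field names the change log uses, and the "GENERIC_EVENT" fallback is an assumption, not a rule the change log states.

```python
# Added example (not the CISCO_SWITCH parser itself): applies the change-log
# mapping rules to fields already extracted by Grok, so expected UDM output
# can be asserted against what the parser actually emits.
from typing import Any, Dict

# Direct field-to-UDM mappings taken from the change-log entries.
DIRECT_MAPPINGS = {
    "hostname": "principal.hostname",
    "source_ip": "principal.ip",
    "destination_ip": "target.ip",
    "ip_protocol": "network.ip_protocol",
    "summary": "security_result.summary",
    "header_data": "metadata.product_log_id",
    "pid": "target.process.pid",
    "app_name": "target.application",
}


def map_to_udm(fields: Dict[str, str]) -> Dict[str, Any]:
    """Return the UDM key/value pairs the change-log rules produce for `fields`."""
    udm: Dict[str, Any] = {}
    for src_key, udm_key in DIRECT_MAPPINGS.items():
        if fields.get(src_key):
            udm[udm_key] = fields[src_key]
    # 2023-01-24: "ip_address" also lands in principal.ip (source_ip wins if both exist).
    if fields.get("ip_address") and "principal.ip" not in udm:
        udm["principal.ip"] = fields["ip_address"]

    src, dst = fields.get("source_ip"), fields.get("destination_ip")
    if src and dst:                      # 2023-04-27: both endpoints known
        udm["metadata.event_type"] = "NETWORK_CONNECTION"
    elif src:                            # 2023-04-27: only the source known
        udm["metadata.event_type"] = "STATUS_UPDATE"
    elif fields.get("mnemonic") == "NBR_RESET" and fields.get("ip_address"):
        udm["metadata.event_type"] = "STATUS_UPDATE"   # 2023-01-24 rule
    else:
        # Assumption: events matching no rule fall back to the generic type,
        # which is what the "reduced generic percentage" entry works against.
        udm["metadata.event_type"] = "GENERIC_EVENT"
    return udm


if __name__ == "__main__":
    # Constructed sample of Grok output, not a real device log.
    sample = {"hostname": "sw-core-1", "source_ip": "10.1.1.5",
              "destination_ip": "10.1.1.9", "ip_protocol": "TCP", "pid": "4321"}
    print(map_to_udm(sample))
```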