Change log for F5_BIGIP_LTM

Date Changes
2024-12-05 Enhancement:
- Mapped host to "principal.ip" and "principal.asset.ip"
2024-10-24 Enhancement:
- Removed the mapping from "principal".
2024-10-09 Enhancement:
- Added support to parse unparsed logs.
- Mapped "src_ip" and "src_port" from "reason" to "principal.ip" and "principal.port".
2024-09-15 Enhancement:
- Added Grok patterns to parse unparsed logs.
2024-07-02 Enhancement:
- Added a new Grok pattern to parse the logs containing "CN".
- Mapped "bank", "service", "operation", and "information" to "principal.resource.attribute.labels".
- Mapped "src_ip" to "principal.ip" and "principal.asset.ip".
2024-05-06 Enhancement:
- Added support to handle a new format of KV logs.
- Mapped "tlsproto" to "network.tls.version_protocol".
- Mapped "method_req" to "network.http.method".
- Mapped "path" to "target.url".
- Mapped "url" to "principal.url".
- Mapped "client_ip" to "principal.ip" and "principal.asset.ip".
- Mapped "device" to "principal.hostname" and "principal.asset.hostname".
- Mapped "host" to "target.hostname" and "target.asset.hostname".
- Mapped "vip" to "target.ip" and "target.asset.ip".
- Mapped "client_port" to "principal.port".
- Mapped "snat_ip" to "principal.nat_ip".
- Mapped "snat_port" to "principal.nat_port".
- Mapped "vs_name", "path", "query", "node", "pool_member", "vs", "device", "blade", "client", and "snat" to "about.resource.attribute.labels".
2024-03-23 Enhancement:
- Added gsub to remove unwanted characters to parse the logs.
- Mapped "support_id", "query_string", and "request_status" to "additional.fields".
- Mapped "uri" to "target.url".
2024-02-23 Enhancement
- Added a "kv" block to retrieve key-value format data.
- Added support for CSV format logs.
- Added a new Grok pattern to extract key-value fields.
- Mapped "dest_ip" to "target_ip".
- Mapped "dest_port" to "targetPort"
- Mapped "src_port" to "principalPort"
- Mapped "ip_client" and "manage_ip_addr" to "principal.ip" and "principal.asset.ip"
- Mapped "target_ip" and "Virtual_IP" to "target.ip" and "target.asset.ip"
- Mapped "severity" to "security_result.severity"
- Mapped "session_id" to "network.session_id"
- Mapped "network" to "network.http.method"
- Mapped "violations", "policy_name" and "req_status" to "security_result.detection_fields".
- Mapped "protocol" to "network.application_protocol"
- Mapped "staged_threat_campaign_names", "staged_sig_ids", "threat_campaign_names", "staged_sig_names", "captcha_result", "sig_set_names", "staged_sig_set_names", "sig_ids", "sig_names", "resp_code" and "false_positive" to "additional.fields".
2024-01-24 Bug-fix
- Changed mapping of "uri_pathuri_query" and "header.Referer".
- Changed mapping of "uri_pathuri_query" to "target.url" from "network.http.referral_url".
- Changed mapping of "header.Referer" to "network.http.referral_url" from "security_result.about.resource.attribute.labels".
2023-12-14 Enhancement
- Added support for JSON format logs.
2023-08-28 Enhancement
- Added a "kv" block to retrieve key-value format data.
- Mapped "process" to "target.application".
- Mapped "Country" to "principal.location.country_or_region".
- Mapped "State" to "principal.location.state".
- Mapped "Client_IP" to "principal.ip".
- Mapped "Virtual_IP" to "target.ip".
- Mapped "Session_ID" to "network.session_id".
- Mapped "errdefs_msgno", "partition_name", "Listener", "Access_Profile" to "additional.fields".
2023-07-18
- Parsed logs where "process" is "apmd" and "loglevel" is "notice".
2023-05-18 Enhancement
- Added new Grok patterns to parse the logs containing "tmm".
- Parsed the logs containing "anacron", "run-parts" and "syslog-ng".
2023-05-09 Bug-fix
- For syslog logs, the hostname that was being mapped to "intermediary.hostname" is mapped to "principal.hostname".
2023-03-14 Enhancement
- Mapped "intermediary.hostname" for event_type "USER_LOGIN" and "NETWORK_CONNECTION".
- Logs that were parsed as "GENERIC_EVENT" are mapped to "USER_UNCATEGORIZED" if "principal.user.userid" is present.
- Logs that were parsed as "GENERIC_EVENT" are mapped to "STATUS_UPDATE" if "principal.ip" is present.
2023-02-23 Enhancement
- Updated Grok pattern for the process types "httpd" and "tmm".
2023-02-06 Enhancement
- Updated Grok pattern for the process type "tmm".
- Removed redundant "target.hostname" code and made it generic/global.
- Changed mapping of "target.hostname" to "intermediary.hostname".
2023-02-02 Enhancement
- Updated Grok pattern for the process type "tmm".
- Changed mapping of "target.hostname" to "intermediary.hostname".
- Modified "metadata.event_type" from "GENERIC_EVENT" to "STATUS_UPDATE" when "principal.ip" is present.
2022-06-21 Bug-fix
- Updated Grok pattern for the process type "tmm".
2022-05-02 Bug-fix
- Removed duplicate mappings for "event.idm.read_only_udm.security_result".
- Parsed the logs failing during Validation API testing.