Change log for F5_BIGIP_LTM
Date | Changes |
---|---|
2024-12-05 | Enhancement:
- Mapped host to "principal.ip" and "principal.asset.ip" |
2024-10-24 | Enhancement:
- Removed the mapping from "principal". |
2024-10-09 | Enhancement:
- Added support to parse unparsed logs. - Mapped "src_ip" and "src_port" from "reason" to "principal.ip" and "principal.port". |
2024-09-15 | Enhancement:
- Added Grok patterns to parse unparsed logs. |
2024-07-02 | Enhancement:
- Added a new Grok pattern to parse the logs containing "CN". - Mapped "bank", "service", "operation", and "information" to "principal.resource.attribute.labels". - Mapped "src_ip" to "principal.ip" and "principal.asset.ip". |
2024-05-06 | Enhancement:
- Added support to handle a new format of KV logs. - Mapped "tlsproto" to "network.tls.version_protocol". - Mapped "method_req" to "network.http.method". - Mapped "path" to "target.url". - Mapped "url" to "principal.url". - Mapped "client_ip" to "principal.ip" and "principal.asset.ip". - Mapped "device" to "principal.hostname" and "principal.asset.hostname". - Mapped "host" to "target.hostname" and "target.asset.hostname". - Mapped "vip" to "target.ip" and "target.asset.ip". - Mapped "client_port" to "principal.port". - Mapped "snat_ip" to "principal.nat_ip". - Mapped "snat_port" to "principal.nat_port". - Mapped "vs_name", "path", "query", "node", "pool_member", "vs", "device", "blade", "client", and "snat" to "about.resource.attribute.labels". |
2024-03-23 | Enhancement:
- Added gsub to remove unwanted characters to parse the logs. - Mapped "support_id", "query_string", and "request_status" to "additional.fields". - Mapped "uri" to "target.url". |
2024-02-23 | Enhancement - Added a "kv" block to retrieve key-value format data. - Added support for CSV format logs. - Added a new Grok pattern to extract key-value fields. - Mapped "dest_ip" to "target_ip". - Mapped "dest_port" to "targetPort" - Mapped "src_port" to "principalPort" - Mapped "dest_port" to "targetPort" - Mapped "ip_client" and "manage_ip_addr" to "principal.ip" and "principal.asset.ip" - Mapped "target_ip" and "Virtual_IP to "target.ip" and "target.asset.ip" - Mapped "severity" to "security_result.severity" - Mapped "session_id" to "network.session_id" - Mapped "network" to "network.http.method" - Mapped "violations", "policy_name" and "req_status" to "security_result.detection_fields.". - Mapped "protocol" to "network.application_protocol" - Mapped "staged_threat_campaign_names","staged_sig_ids","threat_campaign_names","staged_sig_names","captcha_result","sig_set_names","staged_sig_set_names", "sig_ids", "sig_names","resp_code" and "false_positive" to "additional.fields". |
2024-01-24 | Bug-fix - Changed mapping of "uri_pathuri_query" and "header.Referer". - Changed mapping of "uri_pathuri_query" to "target.url" from "network.http.referral_url". - Changed mapping of "header.Referer" to "network.http.referral_url" from "security_result.about.resource.attribute.labels". |
2023-12-14 | Enhancement - Added support for JSON format logs. |
2023-08-28 | Enhancement - Added a "kv" block to retrieve key-value format data. - Mapped "process" to "target.application". - Mapped "Country" to "principal.location.country_or_region". - Mapped "State" to "principal.location.state". - Mapped "Client_IP" to "principal.ip". - Mapped "Virtual_IP" to "target.ip". - Mapped "Session_ID" to "network.session_id". - Mapped "errdefs_msgno", "partition_name", "Listener", "Access_Profile" to "additional.fields". |
2023-07-18 | - Parsed logs where "process" is "apmd" and "loglevel" is "notice".
|
2023-05-18 | Enhancement - Added new Grok patterns to parse the logs containing "tmm".
- Parsed the logs containing "anacron", "run-parts" and "syslog-ng". |
2023-05-09 | Bug-fix - The hostname which is being mapped to intermediary.hostname mapped to principal.hostname for Syslogs. |
2023-03-14 | Enhancement - Mapped "intermediary.hostname" for event_type "USER_LOGIN" and "NETWORK_CONNECTION". - The logs which are parsing as "GENERIC_EVENT" if "principal.user.userid" present then mapped to "USER_UNCATEGORIZED". - The logs which are parsing as "GENERIC_EVENT" if "principal.ip" present then mapped to "STATUS_UPDATE". |
2023-02-23 | Enhancement - Updated Grok pattern for the process types "httpd" and "tmm". |
2023-02-06 | Enhancement - Updated grok pattern for the process type "tmm". - Removed "target.hostname" redundant code and made as generic/global. - changed mapping of "target.hostname" to "intermediary.hostname". |
2023-02-02 | Enhancement - Updated grok pattern for the process type "tmm". - Changed mapping of "target.hostname" to "intermediary.hostname". - Modified metadata.event_type from "GENERIC_EVENT" when principal.ip is present to "STATUS_UPDATE". |
2022-06-21 | Bug-fix - updated grok pattern for the process type "tmm" |
2022-05-02 | Bug-fix - Removed duplicate mappings for "event.idm.read_only_udm.security_result". - Parsed the logs failing during Validation API testing. |