Change log for JUNIPER_JUNOS
Date | Changes |
---|---|
2024-06-18 | Enhancement: Added support to handle unparsed SYSLOG logs. |
2024-06-07 | Enhancement: Added Grok patterns to parse the new pattern of SYSLOG logs. When "protocol-name" has a valid IP protocol, mapped "protocol-name" to "network.ip_protocol". |
2024-05-02 | Enhancement: Added Grok patterns to support new SYSLOG + KV format logs. |
2023-10-25 | Enhancement: Added Grok patterns to parse unparsed logs. Mapped "source_port" to "principal.port". Mapped "source_address" to "principal.ip". Mapped "user_name" to "target.user.userid". Mapped "application_name" to "target.application". Mapped "p_id" to "target.process.pid". Added "invalid_pattern" check before KV mapping. Added a Grok pattern to map "security_result.description" when "description_present" is false. |
2023-08-17 | Enhancement: Added Grok pattern to parse unparsed logs. Mapped "msg" to "security_result.summary". Mapped "src_ip" to "principal.ip". Mapped "user" to "target.user.userid". Mapped "username" to "principal.user.userid". Mapped "command" to "target.process.command_line". Mapped "src_port" to "principal.port". Mapped "ssh2" to "security_result.detection_fields". Mapped "sha256" to "principal.process.file.sha256". Mapped "desc" to "sec_result.summary". Mapped "mac-address" to "principal.mac". Mapped "host" to "principal.hostname" if event_type is "STATUS_UPDATE". |
2023-01-15 | Enhancement: Modified Grok pattern to support unparsed logs containing type "UI_CMDLINE_READ_LINE", "UI_COMMIT_PROGRESS", "UI_CHILD_START", "UI_CFG_AUDIT_OTHER", "UI_LOGIN_EVENT", "UI_CHILD_STATUS", "UI_LOGOUT_EVENT", "UI_LOAD_EVENT", "JTASK_IO_CONNECT_FAILED", "UI_AUTH_EVENT", "UI_NETCONF_CMD", "UI_COMMIT_NO_MASTER_PASSWORD", "UI_CFG_AUDIT_SET", "UI_JUNOSCRIPT_CMD", "SNMPD_AUTH_FAILURE", "UI_CFG_AUDIT_NEW", "UI_COMMIT", "LIBJNX_LOGIN_ACCOUNT_LOCKED", "UI_COMMIT_COMPLETED", "PAM_USER_LOCK_LOGIN_REQUESTS_DENIED", "RTPERF_CPU_USAGE_OK", "RTPERF_CPU_THRESHOLD_EXCEEDED", "LIBJNX_LOGIN_ACCOUNT_UNLOCKED", "JSRPD_SET_OTHER_INTF_MON_FAIL", "JSRPD_SET_SCHED_MON_FAILURE", "UI_CHILD_WAITPID", "UI_DBASE_LOGIN_EVENT". |
2022-05-02 | New default parser. |