Change log for MONGO_DB
| Date | Changes |
|---|---|
| 2024-02-23 | Enhancement: Supported new format of JSON logs.
|
| 2023-05-26 | Enhancement: Parsed logs having "atype" value as "dropIndex", "createIndex", "clientMetadata", "logout".
When the value of "atype" is "clientMetadata" mapped the following fields: - The field "log.param.clientMetadata.os.type" is mapped to "principal.platform". - The field "log.param.clientMetadata.os.version" is mapped to "principal.platform_version". - The field "log.param.clientMetadata.os.name" is mapped to "principal.platform_patch_level". - The field "log.param.clientMetadata.os.architecture" is mapped to "principal.asset.hardware[n].cpu_platform". - The field "log.param.clientMetadata.driver.name" is mapped to "principal.asset.software[n].name". - The field "log.param.clientMetadata.driver.version" is mapped to "principal.asset.software[n].version". - "metadata.event_type" is set to "STATUS_UPDATE". When the value of "atype" is "logout" mapped the following fields: - The field "log.param.reason" is mapped to "security_result.description". - The field "log.param.initialUsers[0].db" is mapped to "target.resource.name" and "target.administrative_domain". - The field "log.param.initialUsers[0].user" is mapped to "target.user.userid". - The field "log.param.initialUsers[1..n].user" is mapped to "about.user.userid". - "metadata.event_type" is set to "USER_LOGOUT". When the value of "atype" is "createIndex" mapped the following fields: - The field "log.param.ns" is mapped to "target.resource.name". - The field "log.param.indexBuildState" is mapped to "security_result.description". - The field "log.param.indexName" is mapped to "target.resource.attribute.labels". - "metadata.event_type" is set to "RESOURCE_CREATION". When the value of "atype" is "dropIndex" mapped the following fields: - The field "log.param.ns" is mapped to "target.resource.name". - The field "log.param.indexBuildState" is mapped to "security_result.description". - The field "log.param.indexName" is mapped to "target.resource.attribute.labels". - "metadata.event_type" is set to "RESOURCE_DELETION". |
| 2022-09-15 | Enhancement - Migrated to default parser.
|
| 2022-06-28 | Enhancement: Parsed logs having "category" value as "NETWORK", "STORAGE", "ACCESS", "COMMAND", "CONNPOOL", "SHARDING", "REPL".
- The field "log.t.$date" mapped to "metadata.event_timestamp". - The field "log.c" mapped to "metadata.product_event_type". - The field "log.attr.remote" mapped to "principal.ip" and "principal.port" accordingly. - The field "log.attr.doc.application.name" mapped to "target.application". - The field "log.s" mapped to "security_result.severity". - The field "log.attr.connectionId" mapped to "additional.fields[n]". - The field "log.attr.connectionCount" mapped to "additional.fields[n]". - The field "log.ctx" mapped to "additional.fields". - The field "log.msg" mapped to "metadata.description". - The field "log.id" mapped to "metadata.product_log_id". - When the value of "log.c" is "NETWORK" mapped following fields: - The field "log.attr.doc.os.type" mapped to "principal.platform". - The field "log.attr.doc.os.version" mapped to "principal.platform_version". - The field "log.attr.doc.os.name" mapped to "principal.platform_patch_level". - The field "log.attr.doc.os.architecture" mapped to "principal.asset.hardware[n].cpu_platform". - The field "log.attr.doc.driver.name" mapped to "principal.asset.software[n].name". - The field "log.attr.doc.driver.version" mapped to "principal.asset.software[n].version". - When the value of "log.c" is "STORAGE" mapped following fields: - The field "log.attr.message" to "security_result.summary". - When the value of "log.c" is "ACCESS" mapped following fields: - The field "log.attr.authenticationDatabase" to "target.resource.name". - The field "log.attr.error" to "security_result.summary". - The field "log.attr.principalName" to "target.user.userid". - The field "log.attr.mechanism" to "extensions.auth.auth_details". - When the value of "log.c" is "COMMAND" mapped following fields: - The field "log.attr.ns" to "principal.namespace". - The field "log.attr.command.$db" to "target.resource.name". - The field "log.attr.planSummary" to "security_result.summary". - The field "log.attr.command.$readPreference.mode" to "target.resource.attribute.labels[n]". - The field "log.attr.queryHash" to "target.resource.attribute.labels[n]". - The field "log.attr.storage.data.bytesRead" to "target.resource.attribute.labels[n]". - The field "log.attr.storage.data.timeReadingMicros" to "target.resource.attribute.labels[n]". - The field "log.attr.protocol" to "target.resource.attribute.labels[n]". - When the value of "log.c" is "CONNPOOL" mapped following fields: - The field "log.attr.hostAndPort" to "principal.hostname" and "principal.port" accordingly. |