Change log for NETFILTER_IPTABLES
Date | Changes |
---|---|
2023-10-12 | Enhancement:<br>- Added a Grok pattern to parse SYSLOG type logs.<br>- Mapped "OUT" to "target.resource.attribute.labels".<br>- Mapped "IN" to "principal.resource.attribute.labels". |
2022-10-12 | Enhancement:<br>- Added a new Grok pattern to parse previously unparsed logs (logs with the header format <133> Sep 29 01:38:26).<br>- Mapped "security_result.action" to "BLOCK" where the action is reject. |
2022-10-04 | Enhancement:<br>- Remapped "src_host" to "intermediary.hostname" instead of "principal.hostname". |
2022-06-21 | Enhancement:<br>- Mapped "TOS" with "tos_label" to "event.idm.read_only_udm.additional.fields".<br>- Mapped "LEN" with "len_label" to "event.idm.read_only_udm.additional.fields".<br>- Mapped "URGP" with "urgp_label" to "event.idm.read_only_udm.additional.fields".<br>- Mapped "PREC" with "prec_label" to "event.idm.read_only_udm.additional.fields".<br>- Mapped "SPI" with "spi_label" to "event.idm.read_only_udm.additional.fields".<br>- Mapped "CODE" with "code_label" to "event.idm.read_only_udm.additional.fields".<br>- Mapped "DF" with "df_label" to "event.idm.read_only_udm.additional.fields".<br>- If "action" is "DROP", "security_result.action" is set to "BLOCK". |