Change log for OPENLDAP
| Date | Changes |
|---|---|
| 2024-06-06 | Enhancement:<br>- Added Grok patterns to parse the new log format.<br>- Mapped "principal_ip" to "principal.ip" and "principal.asset.ip".<br>- Mapped "syslog_process" to "principal.process.file.full_path".<br>- Mapped "syslog_pid" to "principal.process.pid".<br>- Mapped "ldap_conn" to "metadata.product_log_id".<br>- Mapped "op" to "additional.fields".<br>- Mapped "fd" to "additional.fields".<br>- Mapped "msg1" to "metadata.description".<br>- When "err" = "0" (LDAP result code success), mapped "security_result.action" to "ALLOW".<br>- When "err" = "50" (LDAP result code insufficientAccessRights), mapped "security_result.action" to "BLOCK".<br>- When "err" = "2" (LDAP result code protocolError), mapped "security_result.action" to "BLOCK".<br>- Mapped "ldap_action" to "metadata.product_event_type".<br>- Mapped "prin_ip" to "principal.ip" and "principal.asset.ip".<br>- Mapped "prin_port" to "principal.port".<br>- Mapped "user" to "principal.user.userid".<br>- Mapped "tuser" to "target.user.userid". |
| 2023-07-18 | Enhancement:<br>- Added a Grok pattern to parse logs that were previously failing to parse. |
| 2022-08-17 | Enhancement:<br>- Handled logs that were being dropped because of Grok failures and mapped them to valid event types.<br>- Mapped "metadata.event_type" to "STATUS_UPDATE" where "principal.hostname" is not null, otherwise to "GENERIC_EVENT". |