Change log for OPENLDAP
Date | Changes |
---|---|
2025-02-14 | Enhancement:
- Mapped "filter" to "additional.fields". - Added a new Grok pattern to parse new format logs. |
2025-02-11 | Enhancement:
- Added Grok patterns to parse new format logs. - Added the correct mappings for "additional.fields". For example, "ou", "ou_1", and "ou_2". |
2025-01-29 | Enhancement:
- Added Grok patterns to parse new format logs. - Added the correct mappings for "additional.fields". For example, "cn", "dc", "method", "Request and Response". - Mapped "ip1" to "principal.ip". |
2024-12-17 | Enhancement:
- Mapped "base", "err", "attr", "tag", "scope", and "valueData" to "additional.fields". |
2024-06-06 | Enhancement:
- Added Grok patterns to parse new format logs. - Mapped "principal_ip" to "principal.ip" and "principal.asset.ip". - Mapped "syslog_process" to "principal.process.file.full_path". - Mapped "syslog_pid" to "principal.process.pid". - Mapped "ldap_conn" to "metadata.product_log_id". - Mapped "op" to "additional.fields". - Mapped "fd" to "additional.fields". - Mapped "msg1" to "metadata.description". - When "err" is "0", mapped "security_result.action" to "ALLOW". - When "err" is "50", mapped "security_result.action" to "BLOCK". - When "err" is "2", mapped "security_result.action" to "BLOCK". - Mapped "ldap_action" to "metadata.product_event_type". - Mapped "prin_ip" to "principal.ip" and "principal.asset.ip". - Mapped "prin_port" to "principal.port". - Mapped "user" to "principal.user.userid". - Mapped "tuser" to "target.user.userid". |
2023-07-18 | Enhancement:
- Added a Grok pattern to parse failing logs. |
2022-08-17 | Enhancement:
- Handled logs that were being dropped because of Grok failure and mapped them to valid event types. - Mapped "metadata.event_type" to "STATUS_UPDATE" where "principal.hostname" is not null, otherwise mapped it to "GENERIC_EVENT". |
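The following is an added illustration of how the mapping rules listed above (the 2024-06-06 field mappings and "err" to "security_result.action" rules, and the 2022-08-17 "event_type" rule) behave on OpenLDAP slapd syslog lines. It is not the parser's own code: the regular expressions, the field names it extracts, the assumption that "principal.hostname" comes from the syslog hostname, and the sample log lines are all constructed here for the example. Only the three "err" codes named in the change log get an action; any other code (for example 49) leaves "security_result.action" unset, exactly as the entries describe.

```python
import re

# Constructed sample lines in OpenLDAP slapd syslog format (not taken from the page).
SAMPLE_LINES = [
    "Jun  6 10:15:01 ldap01 slapd[2231]: conn=1001 fd=12 ACCEPT from IP=10.0.0.5:51234 (IP=0.0.0.0:389)",
    'Jun  6 10:15:01 ldap01 slapd[2231]: conn=1001 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128',
    "Jun  6 10:15:01 ldap01 slapd[2231]: conn=1001 op=0 RESULT tag=97 err=0 text=",
    'Jun  6 10:15:02 ldap01 slapd[2231]: conn=1001 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=jdoe)"',
    "Jun  6 10:15:02 ldap01 slapd[2231]: conn=1001 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text=",
    "Jun  6 10:15:03 ldap01 slapd[2231]: conn=1001 op=2 RESULT tag=97 err=49 text=",
    "Jun  6 10:15:04 ldap01 slapd[2231]: daemon: shutdown requested and initiated.",
    "this line matches nothing",
]

# Grok-style patterns (assumed for this example). Group names follow the field names used in
# the change log (syslog_process, syslog_pid, ldap_conn, op, fd, err, prin_ip, prin_port, user).
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<hostname>\S+) "
    r"(?P<syslog_process>[^\s\[]+)\[(?P<syslog_pid>\d+)\]: (?P<message>.*)$"
)
CONN_RE = re.compile(r"^conn=(?P<ldap_conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"^fd=(?P<fd>\d+) ACCEPT from IP=(?P<prin_ip>[^:\s]+):(?P<prin_port>\d+)")
BIND_RE = re.compile(r'^op=(?P<op>\d+) BIND dn="(?P<user>[^"]*)" method=(?P<method>\d+)')
SRCH_RE = re.compile(
    r'^op=(?P<op>\d+) SRCH base="(?P<base>[^"]*)" scope=(?P<scope>\d+) '
    r'deref=\d+ filter="(?P<filter>[^"]*)"'
)
RESULT_RE = re.compile(
    r"^op=(?P<op>\d+) (?P<result_kind>SEARCH RESULT|RESULT) tag=(?P<tag>\d+) err=(?P<err>\d+)"
)

# The only err codes the change log maps to an action; everything else stays unset.
ERR_TO_ACTION = {"0": "ALLOW", "50": "BLOCK", "2": "BLOCK"}


def parse_line(line):
    """Return the extracted field dict for one line, or None when the syslog envelope fails to match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    conn = CONN_RE.match(fields["message"])
    if not conn:
        return fields  # daemon message without conn=: envelope fields only
    fields["ldap_conn"] = conn.group("ldap_conn")
    rest = conn.group("rest")
    for action, pattern in (("ACCEPT", ACCEPT_RE), ("BIND", BIND_RE), ("SRCH", SRCH_RE), ("RESULT", RESULT_RE)):
        sub = pattern.match(rest)
        if sub:
            groups = sub.groupdict()
            fields["ldap_action"] = groups.pop("result_kind", action)
            fields.update(groups)
            break
    return fields


def to_udm(line):
    """Map one raw line to a UDM-shaped dict following the change log's stated rules."""
    fields = parse_line(line)
    event = {"metadata": {}, "principal": {}, "target": {}, "security_result": {}, "additional": {"fields": {}}}
    if fields is None:
        # Grok failure path: no hostname could be extracted, so the event is a GENERIC_EVENT.
        event["metadata"]["event_type"] = "GENERIC_EVENT"
        event["metadata"]["description"] = line
        return event
    event["principal"]["hostname"] = fields["hostname"]  # assumption: hostname = syslog host
    event["metadata"]["event_type"] = "STATUS_UPDATE"  # hostname is not null
    event["principal"]["process"] = {"file": {"full_path": fields["syslog_process"]}, "pid": fields["syslog_pid"]}
    event["metadata"]["description"] = fields["message"]
    if "ldap_conn" in fields:
        event["metadata"]["product_log_id"] = fields["ldap_conn"]
    if "ldap_action" in fields:
        event["metadata"]["product_event_type"] = fields["ldap_action"]
    if "prin_ip" in fields:
        event["principal"]["ip"] = [fields["prin_ip"]]
        event["principal"]["asset"] = {"ip": [fields["prin_ip"]]}
        event["principal"]["port"] = int(fields["prin_port"])
    if "user" in fields:
        event["principal"]["user"] = {"userid": fields["user"]}
    if "err" in fields:
        action = ERR_TO_ACTION.get(fields["err"])
        if action:
            event["security_result"]["action"] = [action]
    for key in ("op", "fd", "base", "err", "tag", "scope", "filter", "method"):
        if key in fields:
            event["additional"]["fields"][key] = fields[key]
    return event


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(to_udm(raw))
```

Run it against the sample lines and note the gap a detection engineer should keep in mind: a failed simple bind (err=49) yields no "security_result.action" under these rules, so a rule keyed on BLOCK alone would not see invalid-credential attempts; it would have to match on the "err" value in "additional.fields" instead.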