
Change log for PFSENSE

Date Changes
2022-10-04 Enhancement:
- Remapped firewall device name to intermediary.hostname instead of principal.hostname for logs where event_types is "NETWORK_CONNECTION".
2022-09-05 Enhancement:
- For CSV format logs, mapped the following fields:
- Added grok pattern to retrieve "IP" and "MAC".
- Mapped "column19" which is "source-address" to "network.dhcp.yiaddr".
- Mapped "security_result.action" to "ALLOW" when "column7" is equal to "pass".
- When "column9" is equal to "6", which indicates "IPV6", the following fields are mapped:
- Mapped "column17" which is "destination-address" to "target.ip".
- Mapped "column16" which is "source-address" to "principal.ip".
- Mapped "event_type" to "NETWORK_CONNECTION" when "column16" and "column17" are not null.
- Mapped "column12" which is "hop_limit" to "additional.fields".
- Mapped "column13" which is "ip_protocol" to "network.ip_protocol".
- Migrated the custom parsers into default parser.
- Added a conditional check to set "event_type" to "STATUS_UPDATE".
2022-06-30 Enhancement:
- Mapped "ttl" to "additional.fields".
- Mapped "Id" to "additional.fields".
- Mapped "Offset" to "additional.fields".
- Mapped "Data length" to "additional.fields".
- Mapped "Length" to "additional.fields".
- Mapped "Sequence-number" to "additional.fields".
2022-04-11 Newly created parser