Change log for PFSENSE
| Date | Changes |
|---|---|
| 2023-02-20 | Enhancement:
- Added Grok pattern to support new filter-log format and syslog-ng format. |
| 2022-10-04 | Enhancement:
- Remapped firewall device name to intermediary.hostname instead of principal.hostname for logs where event_types is "NETWORK_CONNECTION". |
| 2022-09-05 | Enhancement-
- for csv format logs mapped following fields. - Added grok pattern to retrieve "IP" and "MAC". - Mapped "column19" which is "source-address" to "network.dhcp.yiaddr". - Mapped "security_result.action" to "ALLOW" when "column7" is equal to "pass". - When "column9" is equals to "6" which indicates "IPV6", then following fields are mapped: - Mapped "column17" which is "destination-address" to "target.ip". - Mapped "column16" which is "source-address" to "principal.ip". - Mapped "event_type" to "NETWORK_CONNECTION" when "column16" and "column17" is not null. - Mapped "column12" which is "hop_limit" to "additional.fields". - Mapped "column13" which is "ip_protocol" to "network.ip_protocol". - Migrated the custom parsers into default parser. - Added conditional check to set "event_type" to "STATUS_UPDATE" |
| 2022-06-30 | Enhancement:
- Mapped "ttl" to "additional.fields". - Mapped "Id" to "additional.fields". - Mapped "Offset" to "additional.fields". - Mapped "Data length" to "additional.fields". - Mapped "Length" to "additional.fields". - Mapped "Sequence-number" to "additional.fields". |
| 2022-04-11 | Newly created parser
|