Change log for PFSENSE
Date | Changes |
---|---|
2024-10-11 | Enhancement:<br>- Added support for a new pattern of syslog logs. |
2024-05-08 | Enhancement:<br>- Added Grok patterns to parse the field "description".<br>- Mapped "principal_ip" to "principal.ip" and "principal.asset.ip".<br>- Mapped "src_port" to "principal.port".<br>- Mapped "compression_algo" to "additional.fields".<br>- Mapped "status" to "security_result.detection_fields".<br>- Mapped "principal_username" to "principal.user.userid".<br>- Mapped "target_host" to "target.hostname" and "target.asset.hostname". |
2023-05-05 | Enhancement:<br>- Added conversion to uppercase before mapping "network.ip_protocol".<br>- Mapped "column18" to "principal.port" when a protocol is present in "column13".<br>- Mapped "column19" to "target.port" when a protocol is present in "column13".<br>- Mapped "column20" to "additional.fields" as "data-length" when a protocol is present in "column13". |
2023-02-20 | Enhancement:<br>- Added a Grok pattern to support the new filter-log format and the syslog-ng format. |
2022-10-04 | Enhancement:<br>- Remapped the firewall device name to "intermediary.hostname" instead of "principal.hostname" for logs where "event_type" is "NETWORK_CONNECTION". |
2022-09-05 | Enhancement:<br>- For CSV-format logs, mapped the following fields.<br>- Added a Grok pattern to retrieve "IP" and "MAC".<br>- Mapped "column19", which is "source-address", to "network.dhcp.yiaddr".<br>- Mapped "security_result.action" to "ALLOW" when "column7" is equal to "pass".<br>- When "column9" is equal to "6", which indicates "IPV6", the following fields are mapped:<br>- Mapped "column17", which is "destination-address", to "target.ip".<br>- Mapped "column16", which is "source-address", to "principal.ip".<br>- Mapped "event_type" to "NETWORK_CONNECTION" when "column16" and "column17" are not null.<br>- Mapped "column12", which is "hop_limit", to "additional.fields".<br>- Mapped "column13", which is "ip_protocol", to "network.ip_protocol".<br>- Migrated the custom parsers into the default parser.<br>- Added a conditional check to set "event_type" to "STATUS_UPDATE". |
2022-06-30 | Enhancement:<br>- Mapped "ttl" to "additional.fields".<br>- Mapped "Id" to "additional.fields".<br>- Mapped "Offset" to "additional.fields".<br>- Mapped "Data length" to "additional.fields".<br>- Mapped "Length" to "additional.fields".<br>- Mapped "Sequence-number" to "additional.fields". |
2022-04-11 | Newly created parser |
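The 2022-09-05 and 2023-05-05 entries describe a column-based mapping of pfSense filterlog CSV records to UDM fields. The following is an added example written for this page, not the Chronicle parser itself; it applies those column rules to a constructed log line. Column numbers are 1-indexed as in the changelog (column7 = action, column9 = IP version, column12 = hop limit, column13 = protocol, column16/17 = source/destination IP, column18/19 = ports, column20 = data length). The port and data-length rules are applied only to IPv6 records, since that is the layout in which column13 holds the protocol; that restriction, the dictionary shape of the output, and the sample lines are this example's own assumptions. Records where the protocol column is absent get no port, protocol or event-type mapping, which is the conditional behaviour the 2023-05-05 entry describes.

```python
import csv

# Constructed sample: an IPv6 TCP "pass" record in pfSense filterlog CSV layout.
SAMPLE_IPV6 = (
    "100,,,1000000103,em0,match,pass,in,6,0x00,0x00000,64,tcp,6,60,"
    "2001:db8::10,2001:db8::20,51234,443,20"
)

# Constructed sample: a truncated IPv6 "block" record with no protocol column.
SAMPLE_IPV6_TRUNCATED = "101,,,1000000104,em0,match,block,in,6,0x00,0x00000,64"


def column(fields, n):
    """Return 1-indexed CSV column n, or None when it is absent or empty."""
    if len(fields) < n or fields[n - 1] == "":
        return None
    return fields[n - 1]


def _port(value):
    """Parse a port column to int; return None for a missing or non-numeric value."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def map_filterlog(line):
    """Map one filterlog CSV line to a flat dict of UDM-style field names.

    Hypothetical output shape: UDM paths as keys, with "additional.fields"
    holding a nested dict of label -> value.
    """
    fields = next(csv.reader([line]))
    udm = {"additional.fields": {}}

    # column7 is the firewall action; only "pass" is mapped, per the changelog.
    if column(fields, 7) == "pass":
        udm["security_result.action"] = "ALLOW"

    # column9 is the IP version; the IPv6 layout is the one this example covers.
    if column(fields, 9) != "6":
        return udm

    hop_limit = column(fields, 12)
    if hop_limit is not None:
        udm["additional.fields"]["hop_limit"] = hop_limit

    proto = column(fields, 13)
    if proto is not None:
        # Uppercase before mapping, as the 2023-05-05 entry states.
        udm["network.ip_protocol"] = proto.upper()
        # Ports and data length are only mapped when a protocol is present.
        src_port = _port(column(fields, 18))
        dst_port = _port(column(fields, 19))
        if src_port is not None:
            udm["principal.port"] = src_port
        if dst_port is not None:
            udm["target.port"] = dst_port
        data_length = column(fields, 20)
        if data_length is not None:
            udm["additional.fields"]["data-length"] = data_length

    src_ip = column(fields, 16)
    dst_ip = column(fields, 17)
    if src_ip is not None:
        udm["principal.ip"] = src_ip
    if dst_ip is not None:
        udm["target.ip"] = dst_ip
    if src_ip is not None and dst_ip is not None:
        udm["event_type"] = "NETWORK_CONNECTION"
    return udm


if __name__ == "__main__":
    for sample in (SAMPLE_IPV6, SAMPLE_IPV6_TRUNCATED):
        print(map_filterlog(sample))
```

Running the block prints the mapped dict for both constructed lines; the truncated record yields only the hop limit, with no ports, protocol or event type, which is the case a detection engineer should check when a rule depends on "network.ip_protocol" or "event_type" being populated.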