Change log for SQUID_WEBPROXY
Date | Changes |
---|---|
2022-10-30 | Enhancement, Bug-fix:<br>- Added a Grok pattern to parse dropped logs.<br>- Added a Grok pattern to map the hostname of the Squid proxy server to "intermediary.hostname". |
2022-09-19 | Enhancement:<br>- Parsed syslog of type squid.<br>- Mapped "insertId" to "metadata.product_log_id".<br>- Mapped "logName" to "target.process.file.full_path".<br>- Mapped "instance_id" to "additional.fields".<br>- Mapped "project_id" to "additional.fields".<br>- Mapped "zone" to "additional.fields".<br>- Mapped "type" to "additional.fields".<br>- Mapped "agent.ephemeral_id" to "additional.fields".<br>- Mapped "agent.hostname" to "principal.hostname".<br>- Mapped "agent.version" to "metadata.product_version".<br>- Mapped "host.mac" to "principal.mac".<br>- Mapped "host.ip" to "principal.ip".<br>- Mapped "event_action" to "security_result.action_details".<br>- Mapped "event_message" to "metadata.description".<br>- Mapped "host.architecture" to "principal.asset.hardware".<br>- Mapped "host.id" to "principal.asset.asset_id".<br>- Mapped "host.os.version" to "principal.platform_version".<br>- Mapped "host.os.kernel" to "principal.platform_patch_level".<br>- Mapped "host.os.codename" to "additional.fields".<br>- Mapped "syslog_severity" to "security_result.severity_details".<br>- Mapped "syslog_severity_code" to "security_result.severity".<br>- Mapped "host.os.platform" to "principal.platform".<br>- Mapped "log.file.path" to "target.process.file.full_path". |