Change log for VMWARE_ESX
Date | Changes |
---|---|
2024-07-01 | Enhancement: - Added support for a new pattern of Syslog logs. |
2024-06-11 | Enhancement: - Added support for a new pattern of Syslog logs. |
2024-06-03 | Enhancement: - Added support for a new pattern of JSON logs. |
2024-05-09 | Enhancement: - Added support for a new pattern of "snmpd" and "Rhttpproxy" logs. - Mapped "prod_event_type" to "metadata.product_event_type". - Mapped "context" to "additional.fields". |
2024-02-07 | Bug-Fix: - Added new Grok patterns to support the SYSLOG logs which are getting dropped. - Mapped "newVersion" and "filter" to "security_result.detection_fields". - Mapped "description" to "security_result.description". |
2023-10-10 | Enhancement: - Modified the following JSON key names using the gsub function: "service" to "serv", "event" to "log_event", "@timestamp" to "timestamp", "@version" to "version". - Added new Grok patterns to handle the JSON logs with new fields. - Matched the "timestamp" to "RFC 3339" and "TIMESTAMP_ISO8601" formats. - Mapped "host.hostname" to "principal.hostname". - Mapped "host.ip" to "principal.ip". - Mapped "type", "serv.type", "log.syslog.facility.code", "log.syslog.facility.name", "log.syslog.severity.code", "log.syslog.severity.name", and "log.syslog.priority" to "additional.fields". - Mapped "process.name" to "service". - Mapped "version" to "metadata.product_version". - Mapped "severity" to "security_result.severity". |
2023-09-25 | Enhancement: - Added new Grok patterns to handle the new type of SYSLOG for VMware ESXi. - Mapped "app_name" to "principal.application". - Mapped "severity" to "security_result.severity". |
2023-07-17 | Bug-Fix: - Mapped "username" to "target.user.userid". - Mapped "pid" to "principal.process.pid". - Mapped "description" to "metadata.description". |
2023-06-12 | Bug-Fix: - Modified mapping of "session" for type "vmauthd". Mapped it to "network.session_id". |
2022-09-01 | Bug-Fix: - Unmapped "principal.namespace" from its hardcoded value. |
2022-08-24 | Enhancement: - Added new date type to parse dates of format "yyyy-MM-ddTHH:mm:s". |
2022-08-03 | Enhancement: - Added Grok patterns to handle the logs with services: hostd, vmon and vrops. |
2022-07-26 | Enhancement: - Where "service" is equal to "Rhttpproxy": Modified mapping for "principal.namespace" from "namespace" to "WALMART". Mapped "namespace" to "additional.fields". - Where "service" is equal to "crond": Mapped "parent_pid" to "target.process.parent_process.pid". |
2022-07-05 | Bug-Fix: - Updated the parser to match the timestamp in "yyyy-MM-ddTHH:mm:ss.SSSS" format. |
2022-06-13 | Enhancement: - Modified/Added the Grok patterns to handle the logs with services: hostd, sendmail, sshd, sudo, vmcad, vmon, vpxd, vrops. Bug-Fix: - Modified "metadata.event_type" for "vmauthd" logs from "USER_LOGIN" to "GENERIC_EVENT". |
2022-05-02 | Bug-Fix: - As per the user requirement, changed the "target.hostname" mapping to "principal.ip" for the logs which have service as "Hostd". |
2022-04-13 | Enhancement: - Parsed the logs having the following service names: hostd-probe, vmkernel, vmkwarning, Fdm, netcpa, root, hpHelper, snmpd, etc. - Mapped "logstash.ingest.timestamp" to "metadata.ingested_timestamp", "logstash.ingest.host" and "logstash.process.host" to "intermediary.hostname", and "logstash.collect.host" to "observer.hostname". |