Change log for VMWARE_VCENTER
Date | Changes
---|---
2023-02-08 | Enhancement - parsed the logs containing "eventid" and "Rhttproxy" by adding and modifying grok patterns, and added the field mappings listed below.
2023-01-12 | Enhancement - added support for parsing logs by adding the field mappings listed below; added drop tags for logs that are dropped.
2022-05-06 | Moved the customer-specific parser to default. Syslog format logs are now handled. Added and modified multiple fields to increase the log parsing percentage: network.http.response_code, file.full_path, network.sent_bytes, http.method, application_protocol, severity, port, process.pid, command_line, event_type.

Field mappings added on 2023-02-08:

- Mapped "Account Domain" to "principal.administrative_domain".
- Mapped "Client Address" to "principal.ip".
- Mapped "Client port" to "principal.port".
- Mapped "Source port" to "principal.port".
- Mapped "Source Network Address" to "principal.ip".
- Mapped "providername" to "principal.application".
- Mapped "Access Mask" to "principal.process.access_mask".
- Mapped "Logon Account" to "principal.user.userid".
- Mapped "User ID" to "target.user.windows_sid".
- Mapped "Account Name" to "target.user.userid".
- Mapped "Security ID" to "target.user.windows_sid".
- Mapped "Authentication Package" to "security_result.about.resource.name".
- Mapped "Relative Target Name" to "target.file.full_path".
- Mapped "Share Name" to "target.resource.name".
- Mapped "Logon Type" to "extensions.auth.mechanism".
- Mapped "eventid" to "metadata.product_event_type".

Field mappings added on 2023-01-12:

- Mapped "insertId" to "metadata.product_log_id".
- Mapped "labels.log_type" to "metadata.product_event_type".
- Mapped "labels.net.host.ip" to "principal.ip".
- Mapped "labels.net.host.port" to "principal.port".
- Mapped "labels.net.peer.ip" to "target.ip".
- Mapped "labels.net.peer.port" to "target.port".
- Mapped "labels.net.transport" to "network.ip_protocol".
- Mapped "logName" to "security_result.category_details".
- Mapped "@fields.host" to "principal.hostname".
- Mapped "@fields.facility" to "principal.resource.type".
- Mapped "@fields.company_name" to "principal.user.company_name".
- Mapped "@fields.privatecloud_id" to "principal.cloud.project.id".
- Mapped "@fields.privatecloud_name" to "principal.cloud.project.name".
- Mapped "@fields.procid" to "principal.process.pid".
- Mapped "@fields.region_id" to "principal.location.country_or_region".
- Mapped "@version" to "principal.platform_version".
- Mapped "basedn_group_iden" to "target.user.group_identifiers".
- Mapped "cipher" to "network.tls.cipher".
- Mapped "version" to "network.tls.version".
- Mapped "msgid" to "network.email.mail_id".
- Mapped "verify" to "security_result.description".
- Mapped "size" to "network.sent_bytes".
- Mapped "stat" to "security_result.summary".
- Mapped "from" to "network.email.from".
- Mapped "to" to "network.email.to".
- Mapped "get_error" to "intermediary.labels".
- Mapped "relay_ip" to "intermediary.ip".
- Mapped "relay_domain" to "intermediary.hostname".
- Mapped "ssh_proto" to "network.application_protocol".
- Mapped "cmd" to "target.process.command_line".
- Mapped "user_id" to "principal.user.userid".
- Mapped "user_agent" to "network.http.user_agent".
- Mapped "file_path" to "target.process.file.full_path".
- Mapped "server_name" to "target.hostname".
- Mapped "target_userid" to "target.user.userid".
- Mapped "ip" to "target.ip".
- Mapped "level" to "security_result.severity".
- Mapped "resource.type" to "src.labels".
- Mapped "upn_name" to "intermediary.url".
- Added drop tags for logs being dropped.