
Change log for VMWARE_VCENTER

Date Changes
2023-02-08 Enhancement - Parsed the logs containing "eventid", "Rhttproxy" by adding/modifying some grok patterns.
- Mapped "Account Domain" to "principal.administrative_domain".
- Mapped "Client Address" to "principal.ip".
- Mapped "Client port" to "principal.port".
- Mapped "Source port" to "principal.port".
- Mapped "Source Network Address" to "principal.ip".
- Mapped "providername" to "principal.application".
- Mapped "Access Mask" to "principal.process.access_mask".
- Mapped "Logon Account" to "principal.user.userid".
- Mapped "User ID" to "target.user.windows_sid".
- Mapped "Account Name" to "target.user.userid".
- Mapped "Security ID" to "target.user.windows_sid".
- Mapped "Authentication Package" to "security_result.about.resource.name".
- Mapped "Relative Target Name" to "target.file.full_path".
- Mapped "Share Name" to "target.resource.name".
- Mapped "Logon Type" to "extensions.auth.mechanism".
- Mapped "eventid" to "metadata.product_event_type".
2023-01-12 Enhancement - Added support to parse logs by adding the following mappings.
- Mapped "insertId" to "metadata.product_log_id".
- Mapped "labels.log_type" to "metadata.product_event_type".
- Mapped "labels.net.host.ip" to "principal.ip".
- Mapped "labels.net.host.port" to "principal.port".
- Mapped "labels.net.peer.ip" to "target.ip".
- Mapped "labels.net.peer.port" to "target.port".
- Mapped "labels.net.transport" to "network.ip_protocol".
- Mapped "logName" to "security_result.category_details".
- Mapped "@fields.host" to "principal.hostname".
- Mapped "@fields.facility" to "principal.resource.type".
- Mapped "@fields.company_name" to "principal.user.company_name".
- Mapped "@fields.privatecloud_id" to "principal.cloud.project.id".
- Mapped "@fields.privatecloud_name" to "principal.cloud.project.name".
- Mapped "@fields.procid" to "principal.process.pid".
- Mapped "@fields.region_id" to "principal.location.country_or_region".
- Mapped "@version" to "principal.platform_version".
- Mapped "basedn_group_iden" to "target.user.group_identifiers".
- Mapped "cipher" to "network.tls.cipher".
- Mapped "version" to "network.tls.version".
- Mapped "msgid" to "network.email.mail_id".
- Mapped "verify" to "security_result.description".
- Mapped "size" to "network.sent_bytes".
- Mapped "stat" to "security_result.summary".
- Mapped "from" to "network.email.from".
- Mapped "to" to "network.email.to".
- Mapped "get_error" to "intermediary.labels".
- Mapped "relay_ip" to "intermediary.ip".
- Mapped "relay_domain" to "intermediary.hostname".
- Mapped "ssh_proto" to "network.application_protocol".
- Mapped "cmd" to "target.process.command_line".
- Mapped "user_id" to "principal.user.userid".
- Mapped "user_agent" to "network.http.user_agent".
- Mapped "file_path" to "target.process.file.full_path".
- Mapped "server_name" to "target.hostname".
- Mapped "target_userid" to "target.user.userid".
- Mapped "ip" to "target.ip".
- Mapped "level" to "security_result.severity".
- Mapped "resource.type" to "src.labels".
- Mapped "upn_name" to "intermediary.url".
- Added drop tags for logs being dropped.
2022-05-06 Moved customer specific parser to default.
Syslog format logs are handled.
Added and modified multiple fields to increase the log parsing percentage:
network.http.response_code, file.full_path, network.sent_bytes, http.method,
application_protocol, severity, port, process.pid, command_line, event_type.