Change log for VMWARE_VREALIZE

Date Changes
2023-06-20 Enhancement -
- Added Grok pattern for failing logs.
- Mapped "ts" to "event_timestamp".
- Mapped "isLocal", "updateType", "subClusterUuid", "valueLength" to "event.idm.read_only_udm.additional.fields".
2023-05-26 Enhancement -
- Added Grok pattern for failing logs.
2023-05-23 Enhancement -
- Added Grok pattern to parse syslog logs and added mapping for the following fields:
- "client_ip" mapped to "principal.ip".
- "host" mapped to "principal.hostname".
- "referer" mapped to "principal.url".
- "client_src_port" mapped to "principal.port".
- "server_ip" mapped to "target.ip".
- "server_name" mapped to "target.hostname".
- "server_src_port" mapped to "target.port".
- "ssl_session_id" mapped to "network.session_id".
- "ssl_version" mapped to "tls.version_protocol".
- "ssl_cipher" mapped to "network.tls.cipher".
- "method" mapped to "network.http.method".
- "user_agent" mapped to "network.http.user_agent".
- "response_code" mapped to "network.http.response_code".
- "uri_path" mapped to "network.http.referral_url".
- "requested_protocol" mapped to "network.application_protocol".
- "log_id" mapped to "metadata.product_log_id".
- "sec_ch_ua", "csrf_token", "vs_name", "virtualservice", "request_state", "request_content_type", "response_content_type", "compression", "pool", "pool_name", "service_engine" mapped to "additional.fields".
- "headers_sent_to_server.Cookie", "headers_received_from_server.set-cookie", "headers_received_from_server.Access-Control-Allow-Origin" mapped to "target.resource.attribute.labels".
- "headers_received_from_server.Content-Security-Policy" mapped to "principal.resource.attribute.labels".
2023-04-20 Enhancement - Added mapping for the following fields:
- "tenantId", "values.actorExternalId", "actorUuid", "actorId", "values.deviceType", "objectName", "objectType", "objectId" mapped to "additional.fields".
2023-03-27 Enhancement - Added mapping for the following fields:
- "uuid" mapped to "metadata.product_log_id".
- "tenantId" mapped to "principal.resource.attribute.labels".
- "actorId" mapped to "principal.user.userid".
- "actorUserName" mapped to "principal.user.user_display_name".
- "actorUuid" mapped to "principal.resource.attribute.labels".
- "actorDomain" mapped to "principal.hostname".
- "sourceIp" mapped to "principal.ip".
- "automation_tag" mapped to "product_event_type".
- "objectName" mapped to "target.resource.attribute.labels".
- "objectType" mapped to "target.resource.attribute.labels".
- "clientId" mapped to "target.user.userid".
- "values.deviceType" mapped to "principal.resource.attribute.labels".
- "objectId" mapped to "target.resource.attribute.labels".
- "values.resourceType" mapped to "principal.resource.resource_subtype".
- "values.success" mapped to "security_result.action".
2022-07-06 Enhancement - Added mapping for the following field:
- "hostname" mapped to "principal.hostname".
- Changed metadata.event_type from "GENERIC_EVENT" to "STATUS_UPDATE" where "principal.ip" or "target.ip" or "principal.hostname" is not null.
2022-04-27 - Mapped complete value for question_name to the field "network.dns.questions.name".
2022-03-30 - Newly created parser.
- Added support for SYSLOG format.