Change log for ARUBA_AIRWAVE
| Date | Changes |
|---|---|
| 2025-12-11 | Enhancement:
- Added a Grok pattern to parse syslog logs. - event.idm.read_only_udm.target.hostname: Newly mapped target_hostname raw log field with event.idm.read_only_udm.target.hostname UDM field. - event.idm.read_only_udm.target.asset.hostname: Newly mapped target_hostname raw log field with event.idm.read_only_udm.target.asset.hostname UDM field. - event.idm.read_only_udm.metadata.product_event_type: Newly mapped device_event_class_id, event_name_1 raw log fields with event.idm.read_only_udm.metadata.product_event_type UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped version raw log field with event.idm.read_only_udm.additional.fields UDM field. - event.idm.read_only_udm.principal.hostname: Newly mapped hostname raw log field with event.idm.read_only_udm.principal.hostname UDM field. - event.idm.read_only_udm.principal.asset.hostname: Newly mapped hostname raw log field with event.idm.read_only_udm.principal.asset.hostname UDM field. - event.idm.read_only_udm.principal.process.pid: Newly mapped pid1 raw log field with event.idm.read_only_udm.principal.process.pid UDM field. - event.idm.read_only_udm.intermediary.hostname and event.idm.read_only_udm.intermediary.asset.hostname: Newly mapped inter_host raw log field with event.idm.read_only_udm.intermediary.hostname and event.idm.read_only_udm.intermediary.asset.hostname UDM field. |
| 2025-01-03 | Enhancement:
- Added a Grok pattern to parse syslog logs. - Mapped "hostname" to "principal.hostname" and "principal.asset.hostname". - Mapped "pid1" to "principal.process.pid". - Mapped "description" to "metadata.description". - Mapped "target_resource" to "target.resource.id". - Mapped "column3" to "additional.fields". - Mapped "column4" to "principal.ip" and "principal.asset.ip". - Mapped "column6" to "target.resource.name". |
| 2023-12-06 | - Added a Grok pattern to parse SYSLOG logs.
|