Change log for ARUBA_EDGECONNECT_SDWAN
| Date | Changes |
|---|---|
| 2026-01-05 | Enhancement:<br>- Added a grok pattern to parse the new log formats.<br>- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `timestamp` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `log_type`, `syslog_ver`, `meta_sequenceId` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.target.user.userid`: Newly mapped `sp_id` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.<br>- `event.idm.read_only_udm.principal.hostname` and `event.idm.read_only_udm.principal.asset.hostname`: Newly mapped `component` raw log field with `event.idm.read_only_udm.principal.hostname` and `event.idm.read_only_udm.principal.asset.hostname` UDM fields. |
| 2025-12-05 | Enhancement:<br>- Added grok patterns to parse the new log formats.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `id`, `isInSync_`, `p_meta_sequenceId`, `startTime`, `endTime`, `result`, `p_sp_id`, `p_service`, `Registered_events`, `UniqueConfigEventsToSync`, `canRecoverConfigEvents`, `firstConfig_changeSet`, `firstConfig_config`, `firstConfig_state`, `lastConfig_changeSet`, `lastConfig_config`, `lastConfig_state`, `isInSync`, `UniqueStateEventsToSync`, `canRecoverStateEvents`, `firstState_baseUrl`, `firstState_config`, `firstState_state`, `firstState_name`, `lastState_config`, `lastState_state`, `duration`, `config_data` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.principal.user.userid`: Newly mapped `user` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.<br>- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `log_level_num`, `nepk`, `firstState_url`, `lastState_changeSet`, `lastState_baseUrl`, `lastState_url`, `lastState_op`, `lastState_serial`, `lastState_name` raw log fields with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.<br>- `event.idm.read_only_udm.metadata.product_event_type`: Newly mapped `name` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.<br>- `event.idm.read_only_udm.security_result.action_details`: Newly mapped `taskStatus` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.<br>- `event.idm.read_only_udm.security_result.severity`: Newly mapped `logLevel` raw log field with `event.idm.read_only_udm.security_result.severity` UDM field.<br>- `event.idm.read_only_udm.about.resource.name`: Newly mapped `firstConfig_baseUrl` raw log field with `event.idm.read_only_udm.about.resource.name` UDM field.<br>- `event.idm.read_only_udm.target.resource.name`: Newly mapped `firstConfig_url` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field.<br>- `event.idm.read_only_udm.about.labels`: Newly mapped `firstConfig_op`, `firstConfig_serial`, `lastConfig_baseUrl`, `lastConfig_url`, `lastConfig_op`, `lastConfig_serial`, `firstState_changeSet`, `firstState_op`, `firstState_serial`, `OnGms_1`, `OnApp_1`, `Diff_1` raw log fields with `event.idm.read_only_udm.about.labels` UDM field.<br>- `event.idm.read_only_udm.metadata.event_type`: If `has_user` is true, updated to "USER_UNCATEGORIZED". |
| 2024-06-10 | Enhancement:<br>- Added a Grok pattern to parse the new pattern of SYSLOG format logs.<br>- Mapped "summary" to "security_result.summary".<br>- Mapped "userid" to "principal.user.userid".<br>- Mapped "hostname" to "target.hostname" and "target.asset.hostname".<br>- Mapped "command" to "principal.process.command_line".<br>- Mapped "principal_ip" to "principal.asset.ip" and "principal.asset.ip".<br>- When "userid", "hostname" are present, and "description" is nearly equal to "login", then set "metadata.event_type" to "USER_LOGIN".<br>- When "principal_present" is true, then set "metadata.event_type" to "STATUS_UPDATE". |
| 2023-05-03 | Newly created parser. |