Change log for ARUBA_SWITCH
| Date | Changes |
|---|---|
| 2025-10-29 | Enhancement:<br>- Added Grok patterns to parse new syslog formats.<br>- `event.idm.read_only_udm.principal.mac`: newly mapped the `prin_mac` raw log field to the `event.idm.read_only_udm.principal.mac` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: newly mapped the `subscriber` raw log field to `event.idm.read_only_udm.additional.fields` under the key "subscriber".<br>- `event.idm.read_only_udm.network.application_protocol`: newly mapped to "SSH" when the description contains "SSH". |
| 2025-09-03 | Enhancement:<br>- `event.idm.read_only_udm.security_result.summary`: newly mapped to `off-line` if the `status_msg` raw log field contains `off-line`, to `on-line` if it contains `on-line`, and otherwise to the value of the `status_msg` raw log field. |
| 2025-08-28 | Enhancement:<br>- Updated a Grok pattern to support a new log format.<br>- Added Grok patterns to extract port information (`gen_port`) from the `description` field.<br>- `event.idm.read_only_udm.target.resource.name`: newly mapped the `gen_port` raw log field to the `event.idm.read_only_udm.target.resource.name` UDM field. |
| 2025-08-21 | Enhancement:<br>- Added a Grok pattern to parse a new log format.<br>- `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip`: newly mapped the `hostname` raw log field to the `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields.<br>- `event.idm.read_only_udm.additional.fields`: newly mapped the `log_id`, `priority` and `facility` raw log fields to the `event.idm.read_only_udm.additional.fields` UDM field.<br>- Modified the `sys_time` date pattern to support a new timestamp format. |
| 2025-05-26 | Enhancement:<br>- Added Grok patterns to support a new SYSLOG format.<br>- `event.idm.read_only_udm.security_result.action_details`: newly mapped the `status` raw log field to the `event.idm.read_only_udm.security_result.action_details` UDM field.<br>- Changed `event_type` from `NETWORK_CONNECTION` to `STATUS_UPDATE` when no target machine data is available.<br>- Added support for a new timestamp format.<br>- Added a Grok pattern to parse a new format of the description field.<br>- Modified the `if` condition for the `user_id` raw field.<br>- No longer sets `has_target` to `true` when there is no target machine data. |
| 2024-11-14 | Enhancement:<br>- Mapped "severity" to "security_result.severity". |
| 2024-10-29 | Enhancement:<br>- Modified the Grok pattern to parse the "severity" and "amm" fields. |
| 2024-10-16 | Enhancement:<br>- Added support for a new SYSLOG format.<br>- Changed the mapping of "userid" from "principal.user.userid" to "target.user.userid".<br>- Based on the log description, set "metadata.event_type" to "USER_LOGIN", "USER_LOGOUT" or "NETWORK_CONNECTION".<br>- Based on the log description, set "security_result.action" to "ALLOW" or "BLOCK". |
| 2024-09-17 | Enhancement:<br>- Added support for a new SYSLOG format. |
| 2024-04-18 | Newly created parser. |
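The entries above describe the parser's mapping rules (Grok extraction of `gen_port`, `prin_mac`, `subscriber` and `status_msg` from the description, the `on-line`/`off-line` summary rule, `STATUS_UPDATE` when no target machine data exists, `USER_LOGIN`/`USER_LOGOUT`/`NETWORK_CONNECTION` and `ALLOW`/`BLOCK` derived from the description, and `log_id`/`priority`/`facility` in `additional.fields`) without showing how they fit together. The following is an added Python example, not the product's parser and not code from this change log: the syslog line layout, the sample lines, the description phrases that decide event type and action, and the severity table are all assumptions chosen to illustrate those rules on constructed input. Output uses dotted UDM-style keys for readability.

```python
"""Toy UDM-style mapper for Aruba switch syslog lines (added example, not the product parser)."""
import re
from typing import Any, Dict, List, Optional, Tuple

# Assumed line layout: <priority>sys_time hostname log_id amm severity: description
LINE_RE = re.compile(
    r"^<(?P<priority>\d{1,3})>(?P<sys_time>\S+) (?P<hostname>\S+) "
    r"(?P<log_id>\d+) (?P<amm>[A-Z]+) (?P<severity>[A-Z]+): (?P<description>.*)$"
)
# Secondary patterns pulled out of the description (assumed shapes for gen_port,
# prin_mac, subscriber, status_msg, userid and a target IP).
PORT_RE = re.compile(r"\bport (?P<gen_port>\d+/\d+/\d+)\b")
MAC_RE = re.compile(r"\b(?P<prin_mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.IGNORECASE)
SUBSCRIBER_RE = re.compile(r"\bsubscriber (?P<subscriber>\S+)")
STATUS_RE = re.compile(r"\bstatus (?P<status_msg>\S+)")
USER_RE = re.compile(r"\buser (?P<userid>\S+)")
TARGET_IP_RE = re.compile(r"\bto (?P<target_ip>\d{1,3}(?:\.\d{1,3}){3})\b")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumed severity vocabulary; the real mapping is not given in the change log.
SEVERITY_MAP = {"ERR": "HIGH", "WARN": "MEDIUM", "NOTICE": "LOW", "INFO": "INFORMATIONAL"}

# Constructed sample lines; they are not real switch output.
SAMPLE_LOGS = [
    "<38>2025-10-29T10:15:02Z sw-core-01 10021 AAA INFO: SSH login from 10.0.0.5 for user admin succeeded",
    "<36>2025-10-29T10:15:09Z sw-core-01 10022 AAA WARN: SSH login from 10.0.0.9 for user root failed",
    "<30>2025-10-29T10:16:00Z 10.1.1.2 20007 PORT NOTICE: Link status off-line on port 1/1/5",
    "<30>2025-10-29T10:16:30Z 10.1.1.2 20008 PORT NOTICE: subscriber sub-42 mac aa:bb:cc:dd:ee:01 status on-line on port 1/1/7",
    "<38>2025-10-29T10:17:00Z sw-core-01 10023 ACL INFO: Session from 10.0.0.7 to 10.0.0.20 accepted",
    "garbage line that does not match any pattern",
]


def summarize_status(status_msg: str) -> str:
    """security_result.summary rule from the 2025-09-03 entry."""
    if "off-line" in status_msg:
        return "off-line"
    if "on-line" in status_msg:
        return "on-line"
    return status_msg


def map_line(line: str) -> Optional[Dict[str, Any]]:
    """Map one syslog line to a flat dict of UDM-style keys; None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    f = m.groupdict()
    desc = f["description"]
    desc_lower = desc.lower()
    udm: Dict[str, Any] = {}

    # Syslog PRI = facility * 8 + severity, so facility is the upper bits.
    pri = int(f["priority"])
    udm["additional.fields"] = {"log_id": f["log_id"], "priority": str(pri), "facility": str(pri >> 3)}

    # hostname goes to principal.ip/asset.ip when it is an IP literal (assumed condition).
    if IPV4_RE.match(f["hostname"]):
        udm["principal.ip"] = f["hostname"]
        udm["principal.asset.ip"] = f["hostname"]
    else:
        udm["principal.hostname"] = f["hostname"]
    udm["security_result.severity"] = SEVERITY_MAP.get(f["severity"], "UNKNOWN_SEVERITY")

    mac = MAC_RE.search(desc)
    if mac:
        udm["principal.mac"] = mac["prin_mac"].lower()
    sub = SUBSCRIBER_RE.search(desc)
    if sub:
        udm["additional.fields"]["subscriber"] = sub["subscriber"]
    port = PORT_RE.search(desc)
    if port:
        udm["target.resource.name"] = port["gen_port"]
    user = USER_RE.search(desc)
    if user:
        udm["target.user.userid"] = user["userid"]  # userid now lands on target (2024-10-16)
    status = STATUS_RE.search(desc)
    if status:
        udm["security_result.summary"] = summarize_status(status["status_msg"])
    if "ssh" in desc_lower:
        udm["network.application_protocol"] = "SSH"

    # Event type: login/logout keywords first, then NETWORK_CONNECTION only when
    # target machine data exists, otherwise STATUS_UPDATE (2025-05-26 rule).
    target = TARGET_IP_RE.search(desc)
    if target:
        udm["target.ip"] = target["target_ip"]
    if "logout" in desc_lower:
        udm["metadata.event_type"] = "USER_LOGOUT"
    elif "login" in desc_lower:
        udm["metadata.event_type"] = "USER_LOGIN"
    elif target:
        udm["metadata.event_type"] = "NETWORK_CONNECTION"
    else:
        udm["metadata.event_type"] = "STATUS_UPDATE"

    # Action keywords are assumptions standing in for the real description match.
    if any(w in desc_lower for w in ("failed", "denied", "blocked")):
        udm["security_result.action"] = "BLOCK"
    elif any(w in desc_lower for w in ("succeeded", "accepted", "allowed")):
        udm["security_result.action"] = "ALLOW"
    return udm


def map_all(lines: List[str]) -> Tuple[List[Dict[str, Any]], int]:
    """Map a batch; return (events, count of lines that matched no pattern)."""
    events = [e for e in (map_line(ln) for ln in lines) if e is not None]
    return events, len(lines) - len(events)


if __name__ == "__main__":
    parsed, dropped = map_all(SAMPLE_LOGS)
    for ev in parsed:
        print(ev)
    print(f"unparsed lines: {dropped}")
```

The unparsed count is the number worth watching when a device firmware update changes the log layout: every "added Grok pattern for a new format" entry above corresponds to lines that would have been dropped here.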