Change log for FORTINET_FORTIMANAGER
| Date | Changes |
|---|---|
| 2026-01-16 | Enhancement:<br>- event.idm.read_only_udm.additional.fields: Newly mapped `vd` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `unauthuser` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `unauthusersource` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `level` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `trandisp` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `policyid` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `sentpkt` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `rcvdpkt` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `sentdelta` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `rcvddelta` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `durationdelta` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `sentpktdelta` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `rcvdpktdelta` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `crscore` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `poluuid` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `policytype` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `policyname` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `craction` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.security_result.detection_fields: Newly mapped `crlevel` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.<br>- event.idm.read_only_udm.metadata.product_event_type: Newly mapped `type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.<br>- event.idm.read_only_udm.target.resource.resource_subtype: Newly mapped `subtype` raw log field with `event.idm.read_only_udm.target.resource.resource_subtype` UDM field.<br>- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `logid` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.<br>- event.idm.read_only_udm.principal.asset.asset_id: Newly mapped `devid` raw log field with `event.idm.read_only_udm.principal.asset.asset_id` UDM field.<br>- event.idm.read_only_udm.src.ip: Newly mapped `srcip` raw log field with `event.idm.read_only_udm.src.ip` UDM field.<br>- event.idm.read_only_udm.src.asset.ip: Newly mapped `srcip` raw log field with `event.idm.read_only_udm.src.asset.ip` UDM field.<br>- event.idm.read_only_udm.src.ip: Newly mapped `src` raw log field with `event.idm.read_only_udm.src.ip` UDM field.<br>- event.idm.read_only_udm.src.asset.ip: Newly mapped `src` raw log field with `event.idm.read_only_udm.src.asset.ip` UDM field.<br>- event.idm.read_only_udm.src.hostname: Newly mapped `srcname` raw log field with `event.idm.read_only_udm.src.hostname` UDM field.<br>- event.idm.read_only_udm.src.asset.hostname: Newly mapped `srcname` raw log field with `event.idm.read_only_udm.src.asset.hostname` UDM field.<br>- event.idm.read_only_udm.src.port: Newly mapped `srcport` raw log field with `event.idm.read_only_udm.src.port` UDM field.<br>- event.idm.read_only_udm.target.ip: Newly mapped `dst` raw log field with `event.idm.read_only_udm.target.ip` UDM field.<br>- event.idm.read_only_udm.target.asset.ip: Newly mapped `dst` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field.<br>- event.idm.read_only_udm.target.port: Newly mapped `dstport` raw log field with `event.idm.read_only_udm.target.port` UDM field.<br>- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `dstintf` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `dstintfrole` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.principal.location.country_or_region: Newly mapped `srccountry` raw log field with `event.idm.read_only_udm.principal.location.country_or_region` UDM field.<br>- event.idm.read_only_udm.target.location.country_or_region: Newly mapped `dstcountry` raw log field with `event.idm.read_only_udm.target.location.country_or_region` UDM field.<br>- event.idm.read_only_udm.network.session_id: Newly mapped `sessionid` raw log field with `event.idm.read_only_udm.network.session_id` UDM field.<br>- event.idm.read_only_udm.network.application_protocol: Newly mapped `app_protocol_output` raw log field with `event.idm.read_only_udm.network.application_protocol` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `proto` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `view` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `CAT` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `product_id` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `product_name` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `vendor_name` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `qtype` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.<br>- event.idm.read_only_udm.security_result.action: Newly mapped `action` raw log field with `event.idm.read_only_udm.security_result.action` UDM field.<br>- event.idm.read_only_udm.security_result.action_details: Newly mapped `action` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.<br>- event.idm.read_only_udm.network.session_duration.seconds: Newly mapped `duration` raw log field with `event.idm.read_only_udm.network.session_duration.seconds` UDM field.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `appcat` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.src.platform_version: Newly mapped `srchwversion` raw log field with `event.idm.read_only_udm.src.platform_version` UDM field.<br>- event.idm.read_only_udm.principal.mac: Newly mapped `mastersrcmac` raw log field with `event.idm.read_only_udm.principal.mac` UDM field.<br>- event.idm.read_only_udm.principal.asset.mac: Newly mapped `mastersrcmac` raw log field with `event.idm.read_only_udm.principal.asset.mac` UDM field.<br>- event.idm.read_only_udm.intermediary.resource.id: Newly mapped `r_value` raw log field with `event.idm.read_only_udm.intermediary.resource.id` UDM field.<br>- event.idm.read_only_udm.intermediary.resource.name: Newly mapped `resource_name` raw log field with `event.idm.read_only_udm.intermediary.resource.name` UDM field.<br>- event.idm.read_only_udm.intermediary.hostname: Newly mapped `hostname` raw log field with `event.idm.read_only_udm.intermediary.hostname` UDM field.<br>- event.idm.read_only_udm.intermediary.asset.hostname: Newly mapped `hostname` raw log field with `event.idm.read_only_udm.intermediary.asset.hostname` UDM field.<br>- event.idm.read_only_udm.intermediary.ip: Newly mapped `ip` raw log field with `event.idm.read_only_udm.intermediary.ip` UDM field.<br>- event.idm.read_only_udm.intermediary.asset.ip: Newly mapped `ip` raw log field with `event.idm.read_only_udm.intermediary.asset.ip` UDM field.<br>- event.idm.read_only_udm.intermediary.resource.attribute.labels: Newly mapped `process_id` raw log field with `event.idm.read_only_udm.intermediary.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.intermediary.process.command_line: Newly mapped `process` raw log field with `event.idm.read_only_udm.intermediary.process.command_line` UDM field.<br>- event.idm.read_only_udm.intermediary.application: Newly mapped `app` raw log field with `event.idm.read_only_udm.intermediary.application` UDM field.<br>- event.idm.read_only_udm.src.resource.attribute.labels: Newly mapped `srcserver` raw log field with `event.idm.read_only_udm.src.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.src.resource.attribute.labels: Newly mapped `srcintfrole` raw log field with `event.idm.read_only_udm.src.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.src.resource.attribute.labels: Newly mapped `srcswversion` raw log field with `event.idm.read_only_udm.src.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.src.resource.attribute.labels: Newly mapped `srchwvendor` raw log field with `event.idm.read_only_udm.src.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.src.resource.attribute.labels: Newly mapped `srcfamily` raw log field with `event.idm.read_only_udm.src.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.src.resource.attribute.labels: Newly mapped `spt` raw log field with `event.idm.read_only_udm.src.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.src.resource.attribute.labels: Newly mapped `srcintf` raw log field with `event.idm.read_only_udm.src.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.src.mac: Newly mapped `srcmac` raw log field with `event.idm.read_only_udm.src.mac` UDM field.<br>- event.idm.read_only_udm.src.asset.mac: Newly mapped `srcmac` raw log field with `event.idm.read_only_udm.src.asset.mac` UDM field.<br>- event.idm.read_only_udm.principal.resource.name: Newly mapped `service` raw log field with `event.idm.read_only_udm.principal.resource.name` UDM field.<br>- event.idm.read_only_udm.network.sent_bytes: Newly mapped `sentbyte` raw log field with `event.idm.read_only_udm.network.sent_bytes` UDM field.<br>- event.idm.read_only_udm.network.received_bytes: Newly mapped `rcvdbyte` raw log field with `event.idm.read_only_udm.network.received_bytes` UDM field.<br>- event.idm.read_only_udm.principal.resource.attribute.labels: Newly mapped `devtype` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM field.<br>- event.idm.read_only_udm.principal.platform_version: Newly mapped `osname` raw log field with `event.idm.read_only_udm.principal.platform_version` UDM field. |
| 2025-04-24 | Enhancement:<br>- Masked a few fields in the logs. |
| 2025-04-16 | Enhancement:<br>- Added support for eventtimestamp to parse the timestamp in the new format.<br>- event.idm.read_only_udm.additional.fields: Newly Mapped `adom` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.<br>- event.idm.read_only_udm.additional.fields: Newly Mapped `pkgname` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.<br>- event.idm.read_only_udm.additional.fields: Newly Mapped `_signal-lte-rsrq` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.<br>- event.idm.read_only_udm.additional.fields: Newly Mapped `_signal-lte-rssi` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.<br>- event.idm.read_only_udm.additional.fields: Newly Mapped `performed_on` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.<br>- event.idm.read_only_udm.additional.fields: Newly Mapped `changes` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field.<br>- event.idm.read_only_udm.additional.fields: Newly Mapped `_signal-lte-rsrq-raw` raw log field with `event.idm.read_only_udm.additional.fields` |
| 2025-03-25 | Enhancement:<br>- Added a Grok pattern to parse a new pattern of syslog logs.<br>- Added a date block to parse the date in this new pattern of syslog logs. |
| 2025-01-24 | Enhancement:<br>- Added a Grok pattern to parse unparsed logs. |
| 2024-09-18 | Enhancement:<br>- Added "gsub" to parse unparsed logs. |
| 2024-08-02 | - Newly created parser. |