Change log for HAPROXY
| Date | Changes |
|---|---|
| 2026-06-01 | Enhancement:
- Added a Grok pattern to parse the raw logs.
- `event.idm.read_only_udm.network.tls.client.server_name`: Newly mapped `sni` raw log field with `event.idm.read_only_udm.network.tls.client.server_name` UDM field.
- `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped `sys_time` field with `event.idm.read_only_udm.metadata.collected_timestamp` UDM field.
- `event.idm.read_only_udm.principal.application`: Newly mapped `prin_app` field with `event.idm.read_only_udm.principal.application` UDM field.
- `event.idm.read_only_udm.principal.process.pid`: Newly mapped `prin_pid` field with `event.idm.read_only_udm.principal.process.pid` UDM field.
- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `date_time` field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field.
- `event.idm.read_only_udm.observer.resource.attribute.labels`: Newly mapped `frontendName`, `backendName` fields with `event.idm.read_only_udm.observer.resource.attribute.labels` UDM field.
- `event.idm.read_only_udm.target.url`: Newly mapped `uri` raw log field with `event.idm.read_only_udm.target.url` UDM field.
- Added a Grok pattern on the `request` raw log field to extract the `method`, `proto` and `tar_host` fields.
- `event.idm.read_only_udm.network.http.method`: Newly mapped `method` field with `event.idm.read_only_udm.network.http.method` UDM field.
- `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip`: Newly mapped `host_ip` field with `event.idm.read_only_udm.target.ip` and `event.idm.read_only_udm.target.asset.ip` UDM fields.
- `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `host` raw log field with `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname` UDM fields.
- `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname`: Newly mapped `tar_host` field with `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname` UDM fields when the `host` raw log field is null.
- `event.idm.read_only_udm.network.application_protocol_version`: Newly mapped `proto` field with `event.idm.read_only_udm.network.application_protocol_version` UDM field.
- `event.idm.read_only_udm.network.application_protocol`: Newly mapped `proto_value` field with `event.idm.read_only_udm.network.application_protocol` UDM field.
- `event.idm.read_only_udm.metadata.event_type`: Updated `event.idm.read_only_udm.metadata.event_type` to `NETWORK_HTTP`, `NETWORK_CONNECTION` and `STATUS_UPDATE` when the necessary raw log fields are present; otherwise it is set to `GENERIC_EVENT`.
- `event.idm.read_only_udm.additional.fields`: Newly mapped `timers` field with `event.idm.read_only_udm.additional.fields` UDM field. |
| 2025-07-30 | Enhancement:
- Added a Grok pattern to parse a new pattern of logs.
- Added a KV filter block to parse the `kv_data` field, splitting keys and values.
- `event.idm.read_only_udm.principal.ip`: Newly mapped `source_ip` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- `event.idm.read_only_udm.principal.asset.ip`: Newly mapped `source_ip` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- `event.idm.read_only_udm.principal.port`: Newly mapped `source_port` raw log field with `event.idm.read_only_udm.principal.port` UDM field.
- `event.idm.read_only_udm.network.http.response_code`: Newly mapped `status_code` raw log field with `event.idm.read_only_udm.network.http.response_code` UDM field.
- `event.idm.read_only_udm.network.received_bytes`: Newly mapped `bytes` raw log field with `event.idm.read_only_udm.network.received_bytes` UDM field.
- `event.idm.read_only_udm.intermediary.ip`: Newly mapped `inter_ip` (from `header_host`) raw log field with `event.idm.read_only_udm.intermediary.ip` UDM field.
- `event.idm.read_only_udm.intermediary.port`: Newly mapped `inter_port` (from `header_host`) raw log field with `event.idm.read_only_udm.intermediary.port` UDM field.
- `event.idm.read_only_udm.target.ip`: Newly mapped `destination_ip` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- `event.idm.read_only_udm.target.asset.ip`: Newly mapped `destination_ip` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field.
- `event.idm.read_only_udm.target.port`: Newly mapped `destination_port` raw log field with `event.idm.read_only_udm.target.port` UDM field.
- `event.idm.read_only_udm.network.http.referral_url`: Newly mapped `referer` raw log field with `event.idm.read_only_udm.network.http.referral_url` UDM field.
- `event.idm.read_only_udm.network.http.user_agent`: Newly mapped `user_agent` raw log field with `event.idm.read_only_udm.network.http.user_agent` UDM field.
- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `time_stamp` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `x_forwarded_for` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `content_length` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field.
- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `datetime` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. |
| 2024-08-23 | Enhancement:
- Added support for a new pattern of syslog logs. |
| 2023-09-25 | Enhancement:
- Added new Grok patterns to parse a new type of logs.
- Mapped "http_version" to "metadata.product_version".
- Mapped "user_name" to "target.user.userid".
- Mapped "process_name" to "target.application".
- Mapped "severity" to "security_result.severity".
- Mapped "msg" to "security_result.summary".
- Added new conditions for new log types and their severity. |
| 2023-05-08 | Added a new Grok pattern to parse a new type of logs. |
| 2022-10-20 | Newly created parser. |