Change log for MONGO_DB
| Date | Changes | 
|---|---|
| 2025-03-12 | Enhancement: - Mapped "accessLog.authResult" to "additional.fields". - Mapped "accessLog.authSource" to "additional.fields". - Mapped "accessLog.failureReason" to "additional.fields". - Mapped "accessLog.groupId" to "target.resource.product_object_id". - Mapped "accessLog.hostname" to "principal.hostname". - Mapped "accessLog.ipAddress" to "intermediary.ip". - Mapped "accessLog.logLine.t.$date" to "additional.fields". - Mapped "accessLog.logLine.s" to "additional.fields". - Mapped "accessLog.logLine.c" to "additional.fields". - Mapped "accessLog.logLine.id" to "additional.fields". - Mapped "accessLog.logLine.ctx" to "additional.fields". - Mapped "accessLog.logLine.msg" to "additional.fields". - Mapped "accessLog.logLine.attr.client" to "additional.fields". - Mapped "accessLog.logLine.attr.isSpeculative" to "additional.fields". - Mapped "accessLog.logLine.attr.isClusterMember" to "additional.fields". - Mapped "accessLog.logLine.attr.mechanism" to "additional.fields". - Mapped "accessLog.logLine.attr.user" to "additional.fields". - Mapped "accessLog.logLine.attr.db" to "additional.fields". - Mapped "accessLog.logLine.attr.result" to "additional.fields". - Mapped "accessLog.logLine.attr.metrics.conversation_duration.micros" to "additional.fields". - Mapped "accessLog.logLine.attr.metrics.conversation_duration.summary.step" to "additional.fields". - Mapped "accessLog.logLine.attr.metrics.conversation_duration.summary.step_total" to "additional.fields". - Mapped "accessLog.logLine.attr.metrics.conversation_duration.summary.duration_micros" to "additional.fields". - Mapped "accessLog.username" to "target.user.user_display_name". - Mapped "accessLog.timestamp" to "additional.fields". | 
| 2024-04-01 | Enhancement: - Mapped "roles.db" to "principal.user.attribute.roles". - When "atype" is "updateUser", "createUser", "createRole", "grantRolesToUser": - Mapped "roles.db" to "target.user.attribute.roles". | 
| 2024-02-23 | Enhancement: Supported new format of JSON logs. | 
| 2023-05-26 | Enhancement: Parsed logs having "atype" value as "dropIndex", "createIndex", "clientMetadata", "logout". When the value of "atype" is "clientMetadata" mapped the following fields: - The field "log.param.clientMetadata.os.type" is mapped to "principal.platform". - The field "log.param.clientMetadata.os.version" is mapped to "principal.platform_version". - The field "log.param.clientMetadata.os.name" is mapped to "principal.platform_patch_level". - The field "log.param.clientMetadata.os.architecture" is mapped to "principal.asset.hardware[n].cpu_platform". - The field "log.param.clientMetadata.driver.name" is mapped to "principal.asset.software[n].name". - The field "log.param.clientMetadata.driver.version" is mapped to "principal.asset.software[n].version". - "metadata.event_type" is set to "STATUS_UPDATE". When the value of "atype" is "logout" mapped the following fields: - The field "log.param.reason" is mapped to "security_result.description". - The field "log.param.initialUsers[0].db" is mapped to "target.resource.name" and "target.administrative_domain". - The field "log.param.initialUsers[0].user" is mapped to "target.user.userid". - The field "log.param.initialUsers[1..n].user" is mapped to "about.user.userid". - "metadata.event_type" is set to "USER_LOGOUT". When the value of "atype" is "createIndex" mapped the following fields: - The field "log.param.ns" is mapped to "target.resource.name". - The field "log.param.indexBuildState" is mapped to "security_result.description". - The field "log.param.indexName" is mapped to "target.resource.attribute.labels". - "metadata.event_type" is set to "RESOURCE_CREATION". When the value of "atype" is "dropIndex" mapped the following fields: - The field "log.param.ns" is mapped to "target.resource.name". - The field "log.param.indexBuildState" is mapped to "security_result.description". - The field "log.param.indexName" is mapped to "target.resource.attribute.labels". - "metadata.event_type" is set to "RESOURCE_DELETION". | 
| 2022-09-15 | Enhancement: Migrated to default parser. | 
| 2022-06-28 | Enhancement: Parsed logs having "category" value as "NETWORK", "STORAGE", "ACCESS", "COMMAND", "CONNPOOL", "SHARDING", "REPL". - The field "log.t.$date" is mapped to "metadata.event_timestamp". - The field "log.c" is mapped to "metadata.product_event_type". - The field "log.attr.remote" is mapped to "principal.ip" and "principal.port" accordingly. - The field "log.attr.doc.application.name" is mapped to "target.application". - The field "log.s" is mapped to "security_result.severity". - The field "log.attr.connectionId" is mapped to "additional.fields[n]". - The field "log.attr.connectionCount" is mapped to "additional.fields[n]". - The field "log.ctx" is mapped to "additional.fields". - The field "log.msg" is mapped to "metadata.description". - The field "log.id" is mapped to "metadata.product_log_id". - When the value of "log.c" is "NETWORK" mapped the following fields: - The field "log.attr.doc.os.type" is mapped to "principal.platform". - The field "log.attr.doc.os.version" is mapped to "principal.platform_version". - The field "log.attr.doc.os.name" is mapped to "principal.platform_patch_level". - The field "log.attr.doc.os.architecture" is mapped to "principal.asset.hardware[n].cpu_platform". - The field "log.attr.doc.driver.name" is mapped to "principal.asset.software[n].name". - The field "log.attr.doc.driver.version" is mapped to "principal.asset.software[n].version". - When the value of "log.c" is "STORAGE" mapped the following fields: - The field "log.attr.message" is mapped to "security_result.summary". - When the value of "log.c" is "ACCESS" mapped the following fields: - The field "log.attr.authenticationDatabase" is mapped to "target.resource.name". - The field "log.attr.error" is mapped to "security_result.summary". - The field "log.attr.principalName" is mapped to "target.user.userid". - The field "log.attr.mechanism" is mapped to "extensions.auth.auth_details". - When the value of "log.c" is "COMMAND" mapped the following fields: - The field "log.attr.ns" is mapped to "principal.namespace". - The field "log.attr.command.$db" is mapped to "target.resource.name". - The field "log.attr.planSummary" is mapped to "security_result.summary". - The field "log.attr.command.$readPreference.mode" is mapped to "target.resource.attribute.labels[n]". - The field "log.attr.queryHash" is mapped to "target.resource.attribute.labels[n]". - The field "log.attr.storage.data.bytesRead" is mapped to "target.resource.attribute.labels[n]". - The field "log.attr.storage.data.timeReadingMicros" is mapped to "target.resource.attribute.labels[n]". - The field "log.attr.protocol" is mapped to "target.resource.attribute.labels[n]". - When the value of "log.c" is "CONNPOOL" mapped the following fields: - The field "log.attr.hostAndPort" is mapped to "principal.hostname" and "principal.port" accordingly. |