Change log for REDHAT_OPENSHIFT
| Date | Changes |
|---|---|
| 2025-12-22 | Enhancement:<br>- `event.idm.read_only_udm.principal.process.pid`: Newly mapped `pid` raw log field to `event.idm.read_only_udm.principal.process.pid`.<br>- `event.idm.read_only_udm.target.file.full_path`: Newly mapped `kubernetes.container_image` raw log field to `event.idm.read_only_udm.target.file.full_path`.<br>- `event.idm.read_only_udm.target.application`: Newly mapped `kubernetes.container_name` raw log field to `event.idm.read_only_udm.target.application`.<br>- `event.idm.read_only_udm.target.namespace`: Newly mapped `kubernetes.namespace_name` raw log field to `event.idm.read_only_udm.target.namespace`.<br>- `event.idm.read_only_udm.target.ip`: Newly mapped `kubernetes.pod_ip` raw log field to `event.idm.read_only_udm.target.ip`.<br>- `event.idm.read_only_udm.target.asset.ip`: Newly mapped `kubernetes.pod_ip` raw log field to `event.idm.read_only_udm.target.asset.ip`.<br>- `event.idm.read_only_udm.target.resource.name`: Newly mapped `kubernetes.pod_name` raw log field to `event.idm.read_only_udm.target.resource.name`.<br>- `event.idm.read_only_udm.target.resource.product_object_id`: Newly mapped `kubernetes.pod_id` raw log field to `event.idm.read_only_udm.target.resource.product_object_id`.<br>- `event.idm.read_only_udm.observer.process.pid`: Newly mapped `systemd.t.PID` raw log field to `event.idm.read_only_udm.observer.process.pid`.<br>- `event.idm.read_only_udm.observer.process.file.full_path`: Newly mapped `systemd.t.EXE` raw log field to `event.idm.read_only_udm.observer.process.file.full_path`.<br>- `event.idm.read_only_udm.observer.process.command_line`: Newly mapped `systemd.t.CMDLINE` raw log field to `event.idm.read_only_udm.observer.process.command_line`.<br>- `event.idm.read_only_udm.observer.user.userid`: Newly mapped `systemd.t.UID` raw log field to `event.idm.read_only_udm.observer.user.userid`.<br>- `event.idm.read_only_udm.observer.group.product_object_id`: Newly mapped `systemd.t.GID` raw log field to `event.idm.read_only_udm.observer.group.product_object_id`.<br>- `event.idm.read_only_udm.observer.asset.asset_id`: Newly mapped `systemd.t.MACHINE_ID` raw log field to `event.idm.read_only_udm.observer.asset.asset_id`.<br>- `event.idm.read_only_udm.observer.application`: Newly mapped `systemd.t.SYSTEMD_UNIT` raw log field to `event.idm.read_only_udm.observer.application`.<br>- `event.idm.read_only_udm.observer.application`: Newly mapped `systemd.u.SYSLOG_IDENTIFIER` raw log field to `event.idm.read_only_udm.observer.application`.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `name`, `interface`, `default`, `kubernetes.labels.app`, `kubernetes.labels.pod-template-hash`, `kubernetes.labels.svcname`, `kubernetes.namespace_labels.kubernetes_io_metadata_name`, `kubernetes.namespace_labels.pod-security_kubernetes_io_audit`, `kubernetes.namespace_labels.pod-security_kubernetes_io_audit-version`, `kubernetes.namespace_labels.pod-security_kubernetes_io_warn`, `kubernetes.namespace_labels.pod-security_kubernetes_io_warn-version`, `kubernetes.namespace_labels.storage_openshift_io_fsgroup-change-policy`, `systemd.t.COMM`, `crio_message_timestamp`, `kubernetes.annotations.k8s.v1.cni.cncf.io/network-status`, `openshift_audit_level`, `requestReceivedTimestamp`, `stageTimestamp`, `kubernetes.container_id`, `kubernetes.container_iostream`, `kubernetes.namespace_id`, `kubernetes.pod_owner`, `tag`, `systemd.t.BOOT_ID`, `systemd.t.CAP_EFFECTIVE`, `systemd.t.SELINUX_CONTEXT`, `systemd.t.STREAM_ID`, `systemd.t.SYSTEMD_CGROUP`, `systemd.t.SYSTEMD_INVOCATION_ID`, `systemd.t.SYSTEMD_SLICE`, `systemd.t.TRANSPORT`, `systemd.u.SYSLOG_FACILITY`, `default.ip_address`, `default.gateway_ip`, `default.mac_address`, `default.role`, `routedst.dest` raw log fields to `event.idm.read_only_udm.additional.fields`.<br>- Adjusted the positions of the grok patterns so that specific patterns take priority over generic ones. |
| 2025-08-13 | Enhancement:<br>- Modified Grok pattern to extract `observer_hostname`.<br>- `event.idm.read_only_udm.observer.hostname`: Newly mapped `observer_hostname` raw log field with `event.idm.read_only_udm.observer.hostname` UDM field.<br>- `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped `requestReceivedTimestamp` raw log field with `event.idm.read_only_udm.metadata.collected_timestamp` UDM field.<br>- `event.idm.read_only_udm.target.resource.attribute.labels`: Newly mapped `user.extra.authentication.kubernetes.io/pod-name`, `user.extra.authentication.kubernetes.io/pod-uid` raw log field(s) with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `openshift.sequence` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. |
| 2025-06-17 | Enhancement:<br>- `event.idm.read_only_udm.observer.hostname`: Newly mapped `app_name` raw log field to `event.idm.read_only_udm.observer.hostname` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `facility` raw log field to `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.observer.resource.name`: Newly mapped `log_source` raw log field to `event.idm.read_only_udm.observer.resource.name` UDM field. |
| 2025-03-03 | Enhancement:<br>- Added support for a new log format. |
| 2024-12-12 | Enhancement:<br>- Added support to handle JSON logs. |
| 2022-08-17 | Newly created parser |