Change log for RUCKUS_WIRELESS
| Date | Changes |
|---|---|
| 2025-10-31 | - Added new Grok patterns to parse the unparsed logs.<br>- 'event.idm.read_only_udm.metadata.product_log_id': Newly mapped 'sequenceId' raw log field with 'event.idm.read_only_udm.metadata.product_log_id' UDM field.<br>- 'event.idm.read_only_udm.metadata.product_event_type': Newly mapped 'type' raw log field with 'event.idm.read_only_udm.metadata.product_event_type' UDM field.<br>- 'event.idm.read_only_udm.principal.user.userid': Newly mapped 'uid', 'p_user', 'prin_user', 'user' raw log fields with 'event.idm.read_only_udm.principal.user.userid' UDM field.<br>- 'event.idm.read_only_udm.principal.user.attribute.labels': Newly mapped 'auid', 'subj', 'p_uid' raw log fields with 'event.idm.read_only_udm.principal.user.attribute.labels' UDM field.<br>- 'event.idm.read_only_udm.principal.process.file.full_path': Newly mapped 'cwd' raw log field with 'event.idm.read_only_udm.principal.process.file.full_path' UDM field.<br>- 'event.idm.read_only_udm.target.user.userid': Newly mapped 'acct', 't_user', 'user' raw log fields with 'event.idm.read_only_udm.target.user.userid' UDM field.<br>- 'event.idm.read_only_udm.target.user.attribute.labels': Newly mapped 't_uid' raw log field with 'event.idm.read_only_udm.target.user.attribute.labels' UDM field.<br>- 'event.idm.read_only_udm.target.process.command_line': Newly mapped 'cmd', 'cmd_line' raw log fields with 'event.idm.read_only_udm.target.process.command_line' UDM field.<br>- 'event.idm.read_only_udm.target.process.file.full_path': Newly mapped 'exe' raw log field with 'event.idm.read_only_udm.target.process.file.full_path' UDM field.<br>- 'event.idm.read_only_udm.network.session_id': Newly mapped 'session_id' raw log field with 'event.idm.read_only_udm.network.session_id' UDM field.<br>- 'event.idm.read_only_udm.extensions.auth.auth_details': Newly mapped 'grantors', 'auth_method' raw log fields with 'event.idm.read_only_udm.extensions.auth.auth_details' UDM field.<br>- 'event.idm.read_only_udm.security_result.action': Statically mapped to 'ALLOW' or 'BLOCK' based on the value of the 'res' field.<br>- 'event.idm.read_only_udm.extensions.auth.type': Statically mapped to 'AUTHTYPE_UNSPECIFIED' for certain event types and messages.<br>- 'event.idm.read_only_udm.security_result.description': Mapped from 'pam_msg' or 'audit_msg' based on parsing success and description field.<br>- 'event.idm.read_only_udm.security_result.action_details': Mapped from the 'op' field. |
| 2024-07-02 | - Added new Grok patterns to parse the unparsed logs.<br>- Mapped "summary" to "security_result.description". |
| 2023-01-06 | Added new Grok patterns to parse the unparsed logs. |
| 2022-09-12 | Newly created parser. |