Change log for CISCO_TACACS

| Date | Changes |
|---|---|
| 2026-01-29 | Enhancement:<br>- Added new grok pattern to parse new log format.<br>- `event.idm.read_only_udm.principal.user.userid`: Newly mapped `common_username` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.<br>- `event.idm.read_only_udm.target.application`: Newly mapped `common_service` raw log field with `event.idm.read_only_udm.target.application` UDM field.<br>- `event.idm.read_only_udm.principal.ip`: Newly mapped `tacacs_remote_address` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.<br>- `event.idm.read_only_udm.network.session_id`: Newly mapped `tacacs_acct_session_id` raw log field with `event.idm.read_only_udm.network.session_id` UDM field.<br>- `event.idm.read_only_udm.principal.nat_ip`: Newly mapped `common_nas_ip_address` raw log field with `event.idm.read_only_udm.principal.nat_ip` UDM field.<br>- `event.idm.read_only_udm.additional.fields`: Newly mapped `tacacs_privilege_level`, `tacacs_acct_flags`, `tacacs_auth_source`, `tacacs_authen_method`, `tacacs_authen_service`, `tacacs_authen_type`, `tacacs_enforcement_profiles`, `tacacs_request_type`, `tacacs_session_log_timestamp`, `common_request_timestamp`, `tacacs_acct_timestamp`, `tacacs_authen_action` raw log field(s) with `event.idm.read_only_udm.additional.fields` UDM field.<br>- `event.idm.read_only_udm.metadata.event_type`: If `has_principal` is true, updated to `STATUS_UPDATE`.<br>- `event.idm.read_only_udm.metadata.event_type`: If `has_principal_user` is true, updated to `USER_UNCATEGORIZED`. |
| 2024-11-07 | Enhancement:<br>- Added support to handle SYSLOG+KV logs. |
| 2024-09-19 | Enhancement:<br>- Added support for new log format. |
| 2022-08-09 | Bug fix:<br>- Modified mapping for the field 'Networkdevicename' from 'principal.asset.hostname' to 'intermediary.hostname'. |
| 2022-03-22 | Newly created parser. |