Announcing Graylog Illuminate v3.3.1


  • This version of Illuminate requires Graylog Server version 5.0.3 or later
  • Converted Fortigate from using event_code to event_id
    • While the Fortigate field is numeric, it contains leading zeros and is not intended to be used as a literal numeric value
    • event_code is used for numeric fields to allow ranged searches and other numeric operators
  • Defined static mappings for the fields event_code and event_id
    • These fields previously relied on dynamic mappings, which caused mapping conflict errors

 

GRAYLOG ILLUMINATE 3.3.1

Released: 2023-06-02

Fixes

  • event_code and event_id not mapped (#920)
  • pfSense dashboard widgets not aligned (#1310)
  • pfSense dashboard time series graphs not displaying correctly (#1316)
  • Checkpoint event_action value using "allowed" instead of "allow" (#1321)
  • Checkpoint event_severity_level not always defined (#1325)
  • Watchguard not identifying some message formats (#1331)
  • Snort Spotlight IDS tab missing widget title (#1328)

 

Enhancements

  • Additional field renaming for Snort 3 IDS logs (#1304)
  • Improved Cisco ASA saved search (#1306)

 

Known Issues

  • Auditbeat cannot process events with multiple values assigned to vendor_event_action (#622)

 

Let us know in our GitHub issue tracker what you’d like to see included.
