Universal Normalizer
Universal Normalizer enables you to normalize structured logs, extract their fields and rename those fields to comply with Logpoint taxonomy and add labels. It provides a generic interface to create, install and update a custom compiled normalizer for JSON, CEF, LEEF, CSV, XML and Key-Value pair log types.
Key Information
Once you update Universal Normalizer to 5.7.0, you need to go to Settings > Configuration > Universal Normalizer and update your normalizers.
Package Details
Enhancement
|
Description |
Issue ID | Reference ID |
|---|---|---|
|
The regex used as a Log identifier is now fully sanitized, preventing any possibility of Remote Code Execution. |
PLUG-13122 | - |
Past Releases
Universal Normalizer v5.6.0
Release Date: March 22, 2024
Supported On: Logpoint v7.2.1 and later
Download: UniversalNormalizer_5.6.0.pak
SHA256: 6e512b9b15a22c38233bb8fd9a0addd53632f225877a760ac397326466db17b0
Enhancement
|
Description |
Issue ID | Reference ID |
|---|---|---|
|
Updated Universal Normalizer to make the created custom-compiled normalizers compatible with the latest version of CNDP. |
KB-24481 | - |
Universal Normalizer v5.5.0
Release Date: February 12, 2024
Supported On: Logpoint v7.2.1 and later
Download: UniversalNormalizer_5.5.0.pak
SHA256: cb983a68a9eb1bfd38925e6179a2a577a7f6ffd1d64f9bcab6716482a08c6272
Enhancement
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
|
The suffix Universal appears in the name of a custom application created using a vendor package. The suffix is not reflected in the Universal Normalizer user interface but can be seen under Settings >> System >> Applications. To learn more, go to Importing a Vendor Package. |
KB-23926 | - |
Universal Normalizer v5.4.0
Release Date: January 25, 2024
Supported On: Logpoint v7.2.1 and later
Download: UniversalNormalizer_5.4.0.pak
SHA256: 5c68680b64c054013ecec2c1e67c2bc27bf8ef5c1a9383e5c1bc4662273ed71f
Enhancement
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
| You can now extract the header of JSON, CEF, LEEF, CSV, XML and Key-Value Pair logs. To learn how, go to Parse Field Further | KB-23657 | - |
Bug Fixes
The following issues are fixed:
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
| Installation of Universal Normalizer v5.2.0 or v5.3.0 disabled the installation and uninstallation of AgentX Server v1.2.0. | KB-23508 | 78894, 79075, 78531 |
|
A field containing the value in date_time format, for example, "atime": "2023-09-01_15:49:30.864+0200", was not correctly normalized by the custom compiled normalizers generated by Universal Normalizer. |
KB-23700 | - |
Universal Normalizer v5.3.0
Supported On: Logpoint v7.2.1 and later
Download: UniversalNormalizer_5.3.0.pak
SHA256: c8d01271590416c8cddf33a9b237f0b91ec19fc716aaf9afbf681df464da4f21Key Information
- After installing Universal Normalizer, you can find it under Settings >> Configurations.
- The created custom-compiled normalizers are compatible with CNDP.
Enhancements
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
|
You can now enter a sample log to test the configuration's correctness. |
KB-18069 |
- |
|
The Exclude Fields only supports field name(s) with any combination of lowercase letters, numbers, and underscore (_). |
KB-22390 | - |
| You can now select a parsing depth to which JSON logs can be parsed further. | KB-21829 | - |
Universal Normalizer v5.2.0
Supported On: Logpoint v7.2.1 and later
Download: UniversalNormalizer_5.2.0.pak
SHA256: 26b53a1ffba0ada36a0742edd3452dea4a22dc3078ff40abf5b9eca704f7270b
Enhancements
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
|
You can now export the config file of a custom-compiled normalizer and re-upload it to create a new custom-compiled normalizer. Go to Export a Config File to learn more about it. |
KB-20851 |
- |
|
You can now exclude certain fields from normalized logs. Mandatory fields sig_id, norm_id, device_category and label cannot be excluded. |
KB- 20378 | - |
| You can now upload vendor packages to install a custom complied normalizer without the need to fill in the configuration form. Go to Import a Vendor Package to learn more about it. | KB- 20124 | - |
Bug Fix
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
| Universal Normalizer could not apply the taxonomy as per the taxonomies defined in the Taxonomy fields. | KB-20295 | - |
Universal Normalizer v5.1.0
Supported On: Logpoint v7.1.1 or later
Download: UniversalNormalizer_5.1.0.pak
SHA256: 3035464cdd6d3d457170a4ea49c19cf78dad4d74565c8e9853e8f6a43c9a1045
Enhancements
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
| Updated Universal Normalizer to support the normalization of key-value pair logs with and without a space after delimiter. | KB-19722 | - |
|
The character length limit for the Log Identifier Regex form field is increased from 100 to 300 to handle the long and complex regex. |
KB-19743 | - |
Support
If you have any questions or require assistance, create a support ticket here.
Comments
Article is closed for comments.