Beginning Oct. 23rd, 2017, all Distil private deployment customers who are currently ingesting streaming logs from the Distil appliance via rsyslog may observe additional changes to streaming log fields.
These changes include:
- Distil will be adding the following two new fields to the end of the web traffic log:
- Custom token ID (field 66) – Hashed identifier based on the custom token in the request
- Custom token location (field 67) – Where the custom token was located in the request
- The existing identification provider field (field 62) may now contain a value of "custom_token"
Existing log fields will receive ongoing support and will not be subject to change without prior notice. However, as part of ongoing feature development, Distil may expand the width of the log line and add additional fields to the internal streaming format. It’s important that any custom parsers be able to handle the addition of fields. Information about use of new fields will be shared at a future time.
You can find the full list of web security access log definitions in our knowledge base article, Distil Access Log Values - Web Security.
If you have any questions don’t hesitate to reach out to Distil Support at firstname.lastname@example.org.