Arista Switch¶
About¶
Designed for large scale leaf and spine networks the X-Series provide industry leading performance and density with a broad choice of interface types from 10G to 400G. The 7300X and 7050X Series combine scalable L2 and L3 features with comprehensive network monitoring, automation, virtualization and visibility features for Enterprise and virtualized Data Center networks.
Product Details¶
Vendor URL: Arista X-Series Spin % Leaf
Product Type: Network Switch
Product Tier: Tier III
Integration Method: Syslog
Integration URL: Customer Support Portal | Arista
Log Guide: Community Central | Arista
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: 90%
Data Label: ARISTA_SWITCH
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| Action | security_result.action_details |
| Arista Networks | metadata.vendor_name |
| Arista Switch | metadata.product_name |
| Client_host | principal.hostname |
| Client_ip | principal.ip |
| Client_user | principal.user.userid |
| Description | security_result.summary |
| Device | resource_type |
| Event_id | metadata.product_event_type |
| Facility | observer.application |
| Host | target.hostname |
| Interface, Instance | resource_subtype |
| Log_id | metadata.product_log_id |
| Log_message | metadata.description |
| Mnemonic | metadata.description |
| Port, Instance_name | resource.name |
| Severity | security_result.severity |
| Severity | security_result.severity_details |
| Syslog_host | observer.hostname |
| Type | observer.application |
Product Event Types¶
| type,subtype | severity | UDM Event Classification | alerting enabled |
|---|---|---|---|
| Event_ID | 0,1,2,3,4,5,6,7 | GENERIC_EVENT | No |
Log Sample¶
<166>May 8 09:21:19 XX-LEAFXX Stp: %SPANTREE-6-INTERFACE_ADD: Interface Ethernet2 has been added to instance MST0
Sample Parsing¶
metadata.description = "INTERFACE_ADD"
metadata.product_event_type = "%SPANTREE-6-INTERFACE_ADD"
observer.application = "SPANTREE"
observer.hostname = "XX-LEAFXX"
principal.resource.name = "Ethernet2"
principal.resource.resource_subtype = "INTERFACE"
principal.resource.resource_type = "DEVICE"
security_result.severity = "INFORMATIONAL"
security_result.severity_details = "6, Informational - Info Messages"
security_result.summary = "Interface Ethernet2 has been added to instance MST0"
target.resource.name = "MST0"
target.resource.resource_subtype = "INSTANCE"
target.resource.resource_type = "DEVICE"