Aruba Switch
About
HPE Aruba Networking CX Switches. Simplify the complexities of deploying and managing modern enterprise networks with AI-powered automation and built-in security delivered by network switches that scale from edge to the cloud.
Product Details
Vendor URL: Aruba Switch
Product Type: Network Switch
Product Tier: Tier III
Integration Method: Syslog
Parser Details
Log Format: SYSLOG
Expected Normalization Rate: 100%
Data Label: ARUBA_SWITCH
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
app | principal.application |
ARUBA SWITCH | metadata.vendor_name |
ARUBA_SWITCH | metadata.product_name |
client.userAgent.rawUserAgent | network.http.user_agent |
description | security_result.description |
event_id | additional.fields |
host | observer.hostname |
pid | principal.process.pid |
principal_ip | principal.ip |
principal_port | principal.port |
prinicpal_user | principal.user.userid |
protocol | network.application_protocol |
result | security_result.action |
target_user | target.user.userid |
Product Event Types
Event | UDM Event Classification |
---|---|
auth | USER_LOGIN |
generic | GENERIC_EVENT |
logged out | USER_LOGOUT |
update | STATUS_UPDATE |
Log Sample
<44>Jun 19 22:03:36 10.0.0.0 00419 auth: Invalid user name/password on SSH session User 'admin' is trying to login from 10.10.10.1
Sample Parsing
metadata.event_type = "USER_LOGIN"
metadata.log_type = "ARUBA_SWITCH"
metadata.product_event_type = "auth"
metadata.product_name = "ARUBA_SWITCH"
metadata.vendor_name = "ARUBA SWITCH"
network.application_protocol = "SSH"
observer.ip = "10.0.0.0"
principal.application = "auth"
principal.ip = "10.10.10.1"
principal.process.pid = "00419"
security_result.action = "FAIL"
security_result.description = "Invalid user name/password on SSH session User 'admin' is trying to login from 10.10.10.1"
target.user.userid = "admin"
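
The mapping above, reproduced in Python as an added example (this is not the parser's own code). The regular expressions, the names parse_aruba_switch, is_ip, HEADER and LOGIN_FAIL, and the rule that only the message shape in the log sample counts as a failed login are assumptions made for illustration.

```python
import ipaddress
import re

# The page's log sample; header layout is <PRI>timestamp observer number app: text
SAMPLE = "<44>Jun 19 22:03:36 10.0.0.0 00419 auth: Invalid user name/password on SSH session User 'admin' is trying to login from 10.10.10.1"
HEADER = re.compile(
    r"^<\d{1,3}>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} "
    r"(?P<observer>\S+) (?P<pid>\d+) (?P<app>[\w-]+): (?P<desc>.+)$"
)
# Assumed message shape. The user name is chosen by the remote client, so the
# match is anchored at both ends with a greedy user group: quotes inside the
# name cannot move the extracted source address.
LOGIN_FAIL = re.compile(
    r"^Invalid user name/password on (?P<proto>\w+) session "
    r"User '(?P<user>.*)' is trying to login from (?P<ip>[0-9.]+)$"
)

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_aruba_switch(line):
    """Return a flat dict of UDM fields, or None when the header does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    app, observer = m["app"], m["observer"]
    udm = {
        # Only the auth row of the event table is modelled here (assumption).
        "metadata.event_type": "USER_LOGIN" if app == "auth" else "GENERIC_EVENT",
        "metadata.log_type": "ARUBA_SWITCH",
        "metadata.product_event_type": app,
        "metadata.product_name": "ARUBA_SWITCH",
        "metadata.vendor_name": "ARUBA SWITCH",
        "principal.application": app,
        "principal.process.pid": m["pid"],
        "security_result.description": m["desc"],
    }
    # The sample maps an address to observer.ip; the field table maps host names.
    udm["observer.ip" if is_ip(observer) else "observer.hostname"] = observer
    f = LOGIN_FAIL.match(m["desc"])
    if f and is_ip(f["ip"]):
        udm.update({"network.application_protocol": f["proto"].upper(),
                    "principal.ip": f["ip"], "security_result.action": "FAIL",
                    "target.user.userid": f["user"]})
    return udm
```

Lines that return None did not match the header; count them rather than dropping them, so a format change on the switch shows up as a fall in the normalization rate.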