Aviatrix¶
About¶
Enterprises are turning to the public cloud for business transformation. In doing so they face new networking challenges such as manual routing updates, native limitations and lack of visibility. Whether you use a single cloud or multiple clouds, Aviatrix delivers solutions to simplify your journey to cloud.
Product Details¶
Vendor URL: Aviatrix
Product Type: Cloud Networking
Product Tier: Tier II
Integration Method: Syslog
Integration URL: Aviatrix Log Forwarding
Log Guide: Aviatrix Logging
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: 90%
Data Label: AVIATRIX
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| action | security_result.summary |
| argv | target.process.command_line |
| Aviatrix | metadata.vendor_name |
| Cloud Networking | metadata.product_name |
| cpu_idle | additional.fields |
| description | metadata.description |
| DEVICE | principal.resource.resource_type |
| disk_free | additional.fields |
| disk_total | additional.fields |
| domain | principal.administrative_domain |
| dst_gw | target.ip |
| dst_region | target.namespace |
| gwname | target.hostname |
| hardware | principal.asset.hardware |
| hostname | principal.hostname |
| interface | principal.resource.name |
| memory_available | additional.fields |
| memory_free | additional.fields |
| name | observer.hostname |
| new_state | additional.fields |
| observer | observer.ip |
| observer | target.ip |
| old_state | additional.fields |
| private_ip | principal.ip |
| private_ip | principal.nat_ip |
| product_event | metadata.event_type |
| product_event | metadata.product_event_type |
| Rule | security_result.rule_name |
| severity | security_result.severity |
| severity | security_result.severity_details |
| src_region | principal.namespace |
| state | security_result.action_details |
| summary | security_result.description |
| summary | security_result.summary |
| total_rx_cum | additional.fields |
| total_tx_cum | additional.fields |
| username | principal.user.userid |
Product Event Types¶
| product_event | UDM Event Classification |
|---|---|
| all others | STATUS_UNCATEGORIZED |
| AviatrixCMD | PROCESS_UNCATEGORIZED |
| AviatrixFQDNRule2 | NETWORK_CONNECTION |
| AviatrixTunnelStatusChange | NETWORK_UNCATEGORIZED |
| session closed | USER_LOGOUT |
| session other | USER_LOGIN |
Log Sample¶
<133>Dec 8 14:19:32 hostname-10.10.10.10 auth.log 2022-12-08T14:19:29.096632+00:00 hostname-10.10.10.10 sudo: pam_unix(sudo:session): session closed for user username
Sample Parsing¶
metadata.event_timestamp.seconds = 1670509389
metadata.event_timestamp.nanos = 293447000
metadata.event_type = "USER_LOGOUT"
metadata.vendor_name = "Aviatrix"
metadata.product_name = "Cloud Networking"
metadata.product_event_type = "auth.log"
metadata.description = "pam_unix(sudo:session)"
principal.hostname = "hostname"
principal.user.userid = "username"
principal.asset.hostname = "hostname"
target.ip = "10.10.10.10"
target.asset.ip = "10.10.10.10"
observer.ip = "10.10.10.10"
security_result.summary = "session closed"
security_result.description = "session closed for user username"
extensions.auth.type = "MACHINE"
Parser Alerting¶
This product currently does not have any Parser-based Alerting.
Rules¶
Coming Soon