Skip to content

Cisco DNA Center

Cisco ucm

About

Cisco DNA Center supports the expression of business intent for network use cases, such as base automation capabilities in the enterprise network. The Analytics and Assurance features of Cisco DNA Center provide end-to-end visibility into the network with full context through data and insights.

Product Details

Vendor URL: Cisco DNA Center At-a-Glance

Product Type: Network Management

Product Tier: Tier III

Integration Method: Webhook/Syslog

Integration URL: Cisco DNA Center Platform User Guide (Webhook or syslog), Release 2.1.2

Log Guide: Cisco DNA Center - Releases 1.3.1+ - Event Management

Parser Details

Log Format: Syslog

Expected Normalization Rate: 95%

Data Label: CISCO_DNAC

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
description metadata.description
Statically Defined metadata.event_type
AlertName, product_event metadata.product_event_type
product_log, CTIconnectionId metadata.product_log_id
observer observer.hostname
AppID principal.application
NodeID, node principal.hostname
kvone_srcip, kctwo_srcip principal.ip
command principal.process.command_line
Statically Defined, kvone_srcport, kvtwo_srcport principal.port
file, PWD principal.process.file.full_path
ClusterID, obj principal.resource.product_object_id
DeviceName target.hostname
IPAdress, kvone_dstip, kvtwo_dstip target.ip
kvone_dstport, kvtwo_dstport, Statically Defined target.port
MohAudioSourceFileName target.process.file.full_path

Product Event Types

Type Severity UDM Event Classification Alerting Enabled
Default GENERIC_EVENT
Alert, AudioSource, CallManager, CTIconnection STATUS_UNCATEGORIZED
audispd SCAN_UNCATEGORIZED
kernel NETWORK_CONNECTION

Log Sample

<186>4852337: : : 1683852: SOMEHOST.domain.com: Jul 29 2022 17:49:34.755 UTC :  %UC_RTMT-2-RTMT_ALERT: %[AlertName=CriticalServiceDown][AlertDetail= Service operational status is DOWN.#012Cisco Certificate Enrollment Service.#012The alert is generated on Fri Jul 29 12:49:34 CDT 2022 on node SOMEHOST.domain.com.][AppID=Cisco AMC Service][ClusterID=][NodeID=SOMEHOST.domain.net]: RTMT Alert

Sample Parsing

metadata.event_timestamp "2022-07-29T17:49:34.755Z"
metadata.event_type "STATUS_UNCATEGORIZED"
metadata.vendor_name "Cisco"
metadata.product_name "UCM"
metadata.product_event_type "CriticalServiceDown"
metadata.description "UC_RTMT-2-RTMT_ALERT"
metadata.ingested_timestamp "2022-07-29T17:51:29.217617Z"
metadata.id "AAAAAHaiYATrFY3X8PmDrShHHRqoAAAABgAAAHIAAAA="
principal.hostname "SOMEHOST.domain.com"
principal.application "Cisco AMC Service"
principal.asset.hostname "SOMEHOST.domain.net"
observer.hostname "SOMEHOST.domain.net"
security_result[0].summary "RTMT Alert"
security_result[0].description "Service operational status is DOWN.#012Cisco Certificate Enrollment Service.#012The alert is generated on Fri Jul 29 12:49:34 CDT 2022 on node SOMEHOST.domain.com."

Parser Alerting

This product currently does not have any Parser-based Alerting