Cisco DNA Center
About
Cisco DNA Center supports the expression of business intent for network use cases, such as base automation capabilities in the enterprise network. The Analytics and Assurance features of Cisco DNA Center provide end-to-end visibility into the network with full context through data and insights.
Product Details
Vendor URL: Cisco DNA Center At-a-Glance
Product Type: Network Management
Product Tier: Tier III
Integration Method: Webhook/Syslog
Integration URL: Cisco DNA Center Platform User Guide (Webhook or syslog), Release 2.1.2
Log Guide: Cisco DNA Center - Releases 1.3.1+ - Event Management
Parser Details
Log Format: Syslog
Expected Normalization Rate: 95%
Data Label: CISCO_DNAC
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
description | metadata.description |
Statically Defined | metadata.event_type |
AlertName, product_event | metadata.product_event_type |
product_log, CTIconnectionId | metadata.product_log_id |
observer | observer.hostname |
AppID | principal.application |
NodeID, node | principal.hostname |
kvone_srcip, kctwo_srcip | principal.ip |
command | principal.process.command_line |
Statically Defined, kvone_srcport, kvtwo_srcport | principal.port |
file, PWD | principal.process.file.full_path |
ClusterID, obj | principal.resource.product_object_id |
DeviceName | target.hostname |
IPAdress, kvone_dstip, kvtwo_dstip | target.ip |
kvone_dstport, kvtwo_dstport, Statically Defined | target.port |
MohAudioSourceFileName | target.process.file.full_path |
Product Event Types
Type | Severity | UDM Event Classification | Alerting Enabled |
---|---|---|---|
Default | | GENERIC_EVENT | |
Alert, AudioSource, CallManager, CTIconnection | | STATUS_UNCATEGORIZED | |
audispd | | SCAN_UNCATEGORIZED | |
kernel | | NETWORK_CONNECTION | |
Log Sample
<186>4852337: : : 1683852: SOMEHOST.domain.com: Jul 29 2022 17:49:34.755 UTC : %UC_RTMT-2-RTMT_ALERT: %[AlertName=CriticalServiceDown][AlertDetail= Service operational status is DOWN.#012Cisco Certificate Enrollment Service.#012The alert is generated on Fri Jul 29 12:49:34 CDT 2022 on node SOMEHOST.domain.com.][AppID=Cisco AMC Service][ClusterID=][NodeID=SOMEHOST.domain.net]: RTMT Alert
Sample Parsing
metadata.event_timestamp "2022-07-29T17:49:34.755Z"
metadata.event_type "STATUS_UNCATEGORIZED"
metadata.vendor_name "Cisco"
metadata.product_name "UCM"
metadata.product_event_type "CriticalServiceDown"
metadata.description "UC_RTMT-2-RTMT_ALERT"
metadata.ingested_timestamp "2022-07-29T17:51:29.217617Z"
metadata.id "AAAAAHaiYATrFY3X8PmDrShHHRqoAAAABgAAAHIAAAA="
principal.hostname "SOMEHOST.domain.com"
principal.application "Cisco AMC Service"
principal.asset.hostname "SOMEHOST.domain.net"
observer.hostname "SOMEHOST.domain.net"
security_result[0].summary "RTMT Alert"
security_result[0].description "Service operational status is DOWN.#012Cisco Certificate Enrollment Service.#012The alert is generated on Fri Jul 29 12:49:34 CDT 2022 on node SOMEHOST.domain.com."
Parser Alerting
This product does not currently have any parser-based alerting.
Rules
Coming Soon