Cisco Unified Computing System
About
Cisco Unified Computing System (UCS) is a data center server computer product line composed of server hardware, virtualization support, switching fabric, and management software, introduced in 2009 by Cisco Systems. The products are marketed for scalability by integrating many components of a data center that can be managed as a single unit.
Product Details
Vendor URL: Cisco Servers – Unified Computing System (UCS) - Cisco
Product Type: OS
Product Tier: Tier III
Integration Method: Syslog
Integration URL: Set up Syslog for Cisco UCS
Log Guide: Introduction to Syslog Messages - Cisco
Parser Details
Log Format: Syslog
Expected Normalization Rate: 75%
Data Label: CISCO_UCS
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
ADAPTOR | additional.fields |
AUTHTYPE_UNSPECIFIED | extensions.auth.type |
BLADE | additional.fields |
CHASSIS | additional.fields |
description | metadata.description |
dst | target.hostname |
dst | target.ip |
dst_domain | target.administrative_domain |
FABRIC | additional.fields |
HOST_ETH | additional.fields |
PATH | additional.fields |
product | metadata.product_name |
product_event | metadata.product_event_type |
sec_description | security_result.description |
src | principal.hostname |
src | principal.ip |
src_domain | principal.administrative_domain |
Statically Defined | metadata.event_type |
severity | security_result.severity |
summary | security_result.summary |
suser | principal.user.userid |
vendor | metadata.vendor_name |
version | metadata.product_version |
VIF | additional.fields |
Product Event Types
Type | Severity | UDM Event Classification | Alerting Enabled |
---|---|---|---|
Default | | GENERIC_EVENT | |
Authentication | | USER_LOGIN | |
Log Sample
<187>: 2022 Feb 23 20:05:42 CST: %UCSM-3-EVENT: External malformed xml event, Error: [no class named computePersonality], Received from host [10.0.0.1]
Sample Parsing
metadata.event_timestamp = "2022-02-23T20:05:42Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Cisco"
metadata.product_version = "UCS"
metadata.product_event_type = "UCSM-3-EVENT"
metadata.description = "External malformed xml event, Error: [no class named computePersonality], Received from host [10.0.0.1]"
metadata.ingested_timestamp = "2022-02-24T02:08:23.941588Z"
principal.ip = "10.0.0.1"
principal.asset.ip = "10.0.0.1"
security_result.severity = "ERROR"
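An added example (not the product's parser and not code from the original page) that reproduces the Sample Parsing fields from the Log Sample line in Python. The severity labels other than ERROR, and the keys `source_tz_label` and `pri_matches_severity`, are assumptions of this example rather than UDM fields.

```python
import ipaddress
import re
from datetime import datetime

# Constructed input: the line from the Log Sample section.
SAMPLE = ("<187>: 2022 Feb 23 20:05:42 CST: %UCSM-3-EVENT: External malformed xml event, "
          "Error: [no class named computePersonality], Received from host [10.0.0.1]")

# Assumption: labels chosen for this example so that Cisco severity digit 3 gives
# the "ERROR" shown in Sample Parsing; the other rows are not taken from the page.
SEVERITY = {0: "CRITICAL", 1: "CRITICAL", 2: "CRITICAL", 3: "ERROR",
            4: "MEDIUM", 5: "LOW", 6: "INFORMATIONAL", 7: "INFORMATIONAL"}

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>:?\s*"                                      # syslog PRI
    r"(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<tz>\w+):\s*"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):\s*"  # %FACILITY-SEV-MNEMONIC
    r"(?P<desc>.*)$")
HOST_RE = re.compile(r"Received from host \[([^\]]+)\]")


def parse_ucs(line):
    """Return a flat dict of UDM-style fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    sev = int(m["sev"])
    ts = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
    event = {
        # Wall-clock time copied with a Z suffix, as in Sample Parsing; the zone
        # abbreviation is kept in a hypothetical key so it is not lost for correlation.
        "metadata.event_timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "source_tz_label": m["tz"],
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.vendor_name": "Cisco",
        "metadata.product_event_type": f"{m['fac']}-{sev}-{m['mnem']}",
        "metadata.description": m["desc"],
        "security_result.severity": SEVERITY[sev],
        # PRI = facility * 8 + severity; a mismatch with the %...-N-... digit is worth flagging.
        "pri_matches_severity": int(m["pri"]) % 8 == sev,
    }
    host = HOST_RE.search(m["desc"])
    if host:
        try:  # only emit principal.ip for a syntactically valid address
            event["principal.ip"] = str(ipaddress.ip_address(host.group(1)))
        except ValueError:
            event["principal.hostname"] = host.group(1)
    return event
```

Calling `parse_ucs(SAMPLE)` returns the dictionary; lines that do not follow the `%FACILITY-SEVERITY-MNEMONIC` layout return `None`, which is how a line ends up outside the expected normalization rate.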
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon