Citrix Xencenter¶
About¶
XenCenter enables you to manage your XenServer or Citrix Hypervisor environment and deploy, manage, and monitor virtual machines from your Windows desktop machine.
Product Details¶
Vendor URL: Citrix Xencenter
Product Type: Hypervisor
Product Tier: Tier III
Integration Method: Syslog
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: 100%
Data Label: CITRIX_XENCENTER
UDM Fields (list of all UDM fields leveraged in the Parser):
| Event | UDM Event Classification |
|---|---|
| custom filter | principal.asset.hardware.cpu_number_cores |
| custom filter | target.process.command_line |
| custom filter | target.file.full_path |
| Xencenter | metadata.product_name |
| Citrix | metadata.vendor_name |
| custom filter | metadata.product_event_type |
| custom filter | metadata.description |
| custom filter | observer.hostname |
| custom filter | security_result.summary |
| custom filter | security_result.category_details |
| custom filter | additonal.fields |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| all others | GENERIC_EVENT |
Log Sample¶
<135>Nov 13 18:54:59 hostname1 xcp-rrdd-xenpm: [debug|hostname2|0 ||xcp-rrdd-xenpm] Found 240 states; with 48 CPUs this means 5 states per CPU
Sample Parsing¶
additional.fields["states per CPU"] = "5"
additional.fields["total_states"] = "240"
metadata.description = "Found 240 states; with 48 CPUs this means 5 states per CPU"
metadata.event_timestamp.seconds = 1699901699
metadata.event_timestamp.nanos = 0
metadata.event_type = "GENERIC_EVENT"
metadata.log_type = "CITRIX_XENCENTER"
metadata.product_event_type = "xcp-rrdd-xenpm"
metadata.product_name = "Xencenter"
metadata.vendor_name = "Citrix"
observer.hostname = "hostname1"
principal.asset.hardware.cpu_number_cores = "48"
security_result.category_details = "debug"
security_result.category_details = "0 "
security_result.summary = "xcp-rrdd-xenpm"
Rules¶
Coming Soon