Dell EMC Avamar

About

Dell EMC Avamar enables fast, efficient backup and recovery through its integrated variable-length deduplication technology. Avamar is optimized for fast, daily full backups of physical and virtual environments, NAS servers, enterprise applications, remote offices and desktops/laptops.

Product Details

Vendor URL: Dell EMC Avamar

Product Type: Data Protection

Product Tier: Tier III

Integration Method: Syslog

Log Guide: Dell EMC Avamar Admin Guide

Parser Details

Log Format: Syslog

Expected Normalization Rate: NA

Data Label: DELL_EMC_AVAMAR

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field    UDM Field
--------------    ---------
code              metadata.product_log_id
GENERIC_EVENT     metadata.event_type
Dell_EMC          metadata.vendor_name
AVAMAR            metadata.product_name
HwSource          principal.hostname
user              principal.user.userid
role              principal.user.user_role
HwSource          principal.asset.hostname
HwSource          observer.hostname
HwSource          observer.asset.hostname
Category          security_result.category_details
Severity          security_result.category_details
message           security_result.summary
Type              security_result.severity

Product Event Types

All Events    UDM Event Classification
----------    ------------------------
ALL Events    GENERIC_EVENT

Log Sample

<14>Apr 21 06:53:53 SAN:san: <Code> 1306 <Type> INFORMATION <Severity> OK <Category> SYSTEM <User> root <HwSource> hostname1 <Summary> sysconfig info: Valid NICs=8 NICs up=3 <date> 2022/04/21 <code> 1306 <time> 12:53:53.53002 UTC <thread> cprecovery:2995 <type> INFO <message> sysconfig info: Valid NICs=8 NICs up=3 <nodeid> 0.0 <requestor> <requestor domain="/" product="MCS" role="Administrator" user="root"/>

Sample Parsing

metadata.product_log_id = "1306"
metadata.event_timestamp = "2022-04-21T12:53:53.530020Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Dell_EMC"
metadata.product_name = "AVAMAR"
principal.hostname = "hostname1"
principal.user.userid = "root"
principal.user.user_role = "ADMINISTRATOR"
principal.asset.hostname = "hostname1"
observer.hostname = "hostname1"
observer.asset.hostname = "hostname1"
security_result.category_details = "Category: SYSTEM"
security_result.category_details = "Severity: OK"
security_result.summary = "sysconfig info: Valid NICs=8 NICs up=3"
security_result.severity = "INFORMATIONAL"

Parser Alerting

This product currently does not have any parser-based alerting.

Rules

Coming Soon