Dell EMC Avamar¶
About¶
Dell EMC Avamar enables fast, efficient backup and recovery through its integrated variable-length deduplication technology. Avamar is optimized for fast, daily full backups of physical and virtual environments, NAS servers, enterprise applications, remote offices and desktops/laptops.
Product Details¶
Vendor URL: Dell EMC Avamar
Product Type: Data Protection
Product Tier: Tier III
Integration Method: Syslog
Log Guide: Dell EMC Avamar Admin Guide
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: NA
Data Label: DELL_EMC_AVAMAR
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| code | metadata.product_log_id |
| GENERIC_EVENT | metadata.event_type |
| Dell_EMC | metadata.vendor_name |
| AVAMAR | metadata.product_name |
| HwSource | principal.hostname |
| user | principal.user.userid |
| role | principal.user.user_role |
| HwSource | principal.asset.hostname |
| HwSource | observer.hostname |
| HwSource | observer.asset.hostname |
| Category | security_result.category_details |
| Severity | security_result.category_details |
| message | security_result.summary |
| Type | security_result.severity |
Product Event Types¶
| All Events | UDM Event Classification |
|---|---|
| ALL Events | GENERIC_EVENT |
Log Sample¶
<14>Apr 21 06:53:53 SAN:san: <Code> 1306 <Type> INFORMATION <Severity> OK <Category> SYSTEM <User> root <HwSource> hostname1 <Summary> sysconfig info: Valid NICs=8 NICs up=3 <date> 2022/04/21 <code> 1306 <time> 12:53:53.53002 UTC <thread> cprecovery:2995 <type> INFO <message> sysconfig info: Valid NICs=8 NICs up=3 <nodeid> 0.0 <requestor> <requestor domain="/" product="MCS" role="Administrator" user="root"/>
Sample Parsing¶
metadata.product_log_id = "1306"
metadata.event_timestamp = "2022-04-21T12:53:53.530020Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Dell_EMC"
metadata.product_name = "AVAMAR"
principal.hostname = "hostname1"
principal.user.userid = "root"
principal.user.user_role = "ADMINISTRATOR"
principal.asset.hostname = "hostname1"
observer.hostname = "hostname1"
observer.asset.hostname = "hostname1"
security_result.category_details = "Category: SYSTEM"
security_result.category_details = "Severity: OK"
security_result.summary = "sysconfig info: Valid NICs=8 NICs up=3"
security_result.severity = "INFORMATIONAL"
Parser Alerting¶
This product currently does not have any Parser-based Alerting
Rules¶
Coming Soon