Dell EMC Unity

About

Dell EMC Unity XT is a unified storage solution complete with all-flash and hybrid arrays, a dual-active controller architecture and an enterprise-class data service — all in a modern NVMe ready design — with seamless expansion to the cloud to accelerate your IT transformation.

Product Details

Vendor URL: Dell EMC Unity

Product Type: Network Storage

Product Tier: Tier III

Integration Method: Syslog

Log Guide: How to Set Up and Manage Logging | Dell US | Log Guide

Parser Details

Log Format: Syslog

Expected Normalization Rate: 95%

Data Label: DELL_EMC_UNITY

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field | UDM Field
category | metadata.product_event_type
Dell | metadata.vendor_name
msg | security_result.description
ID | observer.process.pid
Tag | observer.hostname
event_id | metadata.product_log_id
observer_field | observer.asset.labels
info | security_result.severity_details
suser | observer.asset.resource.name
component | security_result.rule_labels
category | security_result.rule_labels
timezone | security_result.rule_labels
Statically Defined | metadata.event_type

Product Event Types

Product Event Description UDM Event
Default GENERIC_EVENT

Log Sample

<14>Jan 01 00:00:00 Unity@hostname Neo_CEM[11111]:  "2023-01-01T00:00:00.000Z" "Unity@hostname" "Neo_CEM" "11111" "SYSTEM" "INFO" "11:000000" :: "Created snapshot UTC_2023-01-01_00:00:00_2 of storage resource UNITY." :: Category=Audit Component=SnapshotPlugin TimeZone=UTC

Sample Parsing

metadata.event_type = "GENERIC_EVENT"
metadata.product_event_type = "Audit"
metadata.product_log_id = "14"
metadata.product_name = "DELL_EMC_UNITY"
metadata.vendor_name = "DELL"
observer.application = "New_CEM"
observer.asset.labels.key = "LUN ID"
observer.asset.labels.value = "11:600000"
observer.hostname = "Unity@hostname"
observer.process.pid = "1111"
observer.resource.name = "SYSTEM"
security_result.description = "Created snapshot UTC_2023-01-01_00:00:00_2 of storage resource UNITY."
security_result.rule_labels.key = "Category"
security_result.rule_labels.value = "Audit"
security_result.rule_labels.key = "TimeZone"
security_result.rule_labels.value = "UTC"
security_result.rule_labels.key = "Component"
security_result.rule_labels.value = "SnapshotPlugin"
security_result.severity_details = "INFO"
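
The following Python sketch is an added example, not the parser this page documents. It splits the log sample's layout (syslog header, seven quoted values, message, key=value pairs) into named fields and projects a subset onto the UDM names from the field table. The positional field names, the function names and the header/body consistency check are assumptions inferred from the sample on this page.

```python
import re

# Constructed input: the line shown under "Log Sample" on this page.
SAMPLE = ('<14>Jan 01 00:00:00 Unity@hostname Neo_CEM[11111]:  '
          '"2023-01-01T00:00:00.000Z" "Unity@hostname" "Neo_CEM" "11111" '
          '"SYSTEM" "INFO" "11:000000" :: "Created snapshot '
          'UTC_2023-01-01_00:00:00_2 of storage resource UNITY." :: '
          'Category=Audit Component=SnapshotPlugin TimeZone=UTC')

HEADER = re.compile(r'^<(?P<pri>\d{1,3})>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} '
                    r'(?P<host>\S+) (?P<app>[^\[\s]+)\[(?P<pid>\d+)\]:\s*(?P<body>.*)$')
# Assumed names for the seven quoted positional values (inferred from this page).
POSITIONAL = ("timestamp", "tag", "application", "id", "suser", "info", "observer_field")
# Subset of the page's field table: log field -> UDM field.
UDM_MAP = {"category": "metadata.product_event_type",
           "msg": "security_result.description",
           "id": "observer.process.pid",
           "tag": "observer.hostname",
           "info": "security_result.severity_details"}


def parse_unity(line):
    """Split one Unity syslog line into a flat dict; raise ValueError if malformed."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("syslog header not recognised")
    # Body layout: quoted fields :: "message" :: key=value pairs. Splitting on the
    # first and last separator keeps a message that itself contains " :: " whole.
    head, sep1, rest = m.group("body").partition(" :: ")
    msg, sep2, pairs = rest.rpartition(" :: ")
    quoted = re.findall(r'"([^"]*)"', head)
    if not (sep1 and sep2) or len(quoted) != len(POSITIONAL):
        raise ValueError("unexpected body layout")
    event = dict(zip(POSITIONAL, quoted))
    event["msg"] = msg.strip().strip('"')
    for pair in pairs.split():          # Category, Component, TimeZone
        key, sep, value = pair.partition("=")
        if sep:
            event[key.lower()] = value
    event["facility"], event["syslog_severity"] = divmod(int(m.group("pri")), 8)
    # A header/body mismatch may indicate relay rewriting or an altered record.
    event["header_consistent"] = (m.group("host") == event["tag"]
                                  and m.group("pid") == event["id"])
    return event


def to_udm(event):
    """Project parsed fields onto the UDM names listed in UDM_MAP."""
    return {udm: event[field] for field, udm in UDM_MAP.items() if field in event}
```

Lines that raise ValueError are the ones that would fall outside the expected normalization rate and are worth sampling when tuning the feed.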