Dell EMC Unity

About
Dell EMC Unity XT is a unified storage solution complete with all-flash and hybrid arrays, a dual-active controller architecture and an enterprise-class data service — all in a modern NVMe ready design — with seamless expansion to the cloud to accelerate your IT transformation.
Product Details
Vendor URL: Dell EMC Unity
Product Type: Network Storage
Product Tier: Tier III
Integration Method: Syslog
Log Guide: How to Set Up and Manage Logging | Dell US | Log Guide
Parser Details
Log Format: Syslog
Expected Normalization Rate: 95%
Data Label: DELL_EMC_UNITY
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| category | metadata.product_event_type |
| Dell | metadata.vendor_name |
| msg | security_result.description |
| ID | observer.process.pid |
| Tag | observer.hostname |
| event_id | metadata.product_log_id |
| observer_field | observer.asset.labels |
| info | security_result.severity_details |
| suser | observer.asset.resource.name |
| component | security_result.rule_labels |
| category | security_result.rule_labels |
| timezone | security_result.rule_labels |
| Statically Defined | metadata.event_type |
Product Event Types
| Product Event | Description | UDM Event |
|---|---|---|
| Default | | GENERIC_EVENT |
Log Sample
<14>Jan 01 00:00:00 Unity@hostname Neo_CEM[11111]: "2023-01-01T00:00:00.000Z" "Unity@hostname" "Neo_CEM" "11111" "SYSTEM" "INFO" "11:000000" :: "Created snapshot UTC_2023-01-01_00:00:00_2 of storage resource UNITY." :: Category=Audit Component=SnapshotPlugin TimeZone=UTC
Sample Parsing
metadata.event_type = "GENERIC_EVENT"
metadata.product_event_type = "Audit"
metadata.product_log_id = "14"
metadata.product_name = "DELL_EMC_UNITY"
metadata.vendor_name = "DELL"
observer.application = "New_CEM"
observer.asset.labels.key = "LUN ID"
observer.asset.labels.value = "11:600000"
observer.hostname = "Unity@hostname"
observer.process.pid = "1111"
observer.resource.name = "SYSTEM"
security_result.description = "Created snapshot UTC_2023-01-01_00:00:00_2 of storage resource UNITY."
security_result.rule_labels.key = "Category"
security_result.rule_labels.value = "Audit"
security_result.rule_labels.key = "TimeZone"
security_result.rule_labels.value = "UTC"
security_result.rule_labels.key = "Component"
security_result.rule_labels.value = "SnapshotPlugin"
security_result.severity_details = "INFO"
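
The field mapping above, applied to the log sample as an added Python example (not the product's parser code). The position of each quoted field, the use of the syslog `<PRI>` value as `metadata.product_log_id`, and the `header_matches_body` check are assumptions inferred from the sample line; output values follow the log sample.

```python
import re

# The page's log sample, embedded verbatim so the example runs offline.
SAMPLE = (
    '<14>Jan 01 00:00:00 Unity@hostname Neo_CEM[11111]: '
    '"2023-01-01T00:00:00.000Z" "Unity@hostname" "Neo_CEM" "11111" '
    '"SYSTEM" "INFO" "11:000000" :: '
    '"Created snapshot UTC_2023-01-01_00:00:00_2 of storage resource UNITY." :: '
    'Category=Audit Component=SnapshotPlugin TimeZone=UTC'
)
HEADER = re.compile(r'^<(?P<pri>\d{1,3})>\w{3} +\d{1,2} [\d:]{8} (?P<host>\S+) '
                    r'(?P<app>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<body>.*)$')
QUOTED = re.compile(r'"([^"]*)"')
KEYVAL = re.compile(r'(\w+)=(\S+)')


def parse_unity(line):
    """Return a dict of UDM field -> value, or None if the line does not fit."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    # Body layout: quoted fields :: "message" :: Key=Value pairs. Split on the
    # first and last " :: " so a message containing the separator stays whole.
    head, sep1, rest = m.group('body').partition(' :: ')
    msg, sep2, tail = rest.rpartition(' :: ')
    fields = QUOTED.findall(head)
    quoted_msg = len(msg) >= 2 and msg.startswith('"') and msg.endswith('"')
    if not (sep1 and sep2 and quoted_msg) or len(fields) != 7:
        return None
    _ts, tag, app, pid, suser, info, observer_field = fields
    labels = dict(KEYVAL.findall(tail))
    return {
        'metadata.event_type': 'GENERIC_EVENT',  # statically defined
        'metadata.vendor_name': 'DELL',
        'metadata.product_name': 'DELL_EMC_UNITY',
        'metadata.product_event_type': labels.get('Category'),
        'metadata.product_log_id': m.group('pri'),  # assumption: taken from <PRI>
        'observer.hostname': tag,
        'observer.application': app,
        'observer.process.pid': pid,
        'observer.resource.name': suser,
        'observer.asset.labels': {'LUN ID': observer_field},
        'security_result.description': msg[1:-1],
        'security_result.severity_details': info,
        'security_result.rule_labels': labels,
        # Added check, not a UDM field: syslog header agrees with quoted body.
        'header_matches_body': (m.group('host'), m.group('app'), m.group('pid')) == (tag, app, pid),
    }
```

A line that fails the layout returns `None`, so unparsed events can be counted against the expected normalization rate instead of being silently dropped.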