Extreme Management Center

About

ExtremeCloud IQ - Site Engine is an evolution of Extreme Management Center (XMC), our on-premise management system for Extreme universal hardware, legacy Extreme devices and third party devices.

Product Details

Vendor URL: Extreme Management Center

Product Type: Device Management

Product Tier: Tier III

Integration Method: Syslog

Integration URL: Extreme Management Center User Guide

Requirements

Parser Details

Fill in the following fields for parser details

Log Format: SYSLOG

Expected Normalization Rate: 90%

Data Label: EXTREME_MANAGEMENT

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field	UDM Field
desc	metadata.description
dst_app	target.application
ob_ip	observer.ip
ob_pid	observer.process.pid
ob_ppid	observer.process.parent_pid
ob_userid	observer.user.userid
observer	observer.hostname
prod_event	metadata.product_event_type
severity	security_result.severity
sr_desc	metadata.description
sr_details	security_result.severity_details
sr_sum	security_result.summary
src_ip	principal.ip
src_userid	principal.user.userid

Product Event Types

type,subtype	severity	UDM Event Classification	alerting enabled
All events		GENERIC_EVENT

Log Sample

<123>Feb  8 13:36:00 ABCCORP-EV0001-A1 CPU 00000000 abc_def IP WARNING Invalid VR IP addresses 10.10.10.1 received for Abcd 01 on Abcdef 0001

Sample Parsing

metadata.event_timestamp.seconds = 1675863360
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Extreme Management Center"
metadata.product_event_type = "IP"
metadata.description = "Invalid VR IP addresses 10.10.10.1 received for Abcd 01 on Abcdef 0001"
principal.ip = "10.10.10.1"
principal.asset.ip = "10.10.10.1"
target.application = "abc_def"
observer.hostname = "ABCCORP-EV0001-A1"
observer.user.userid = "CPU"
observer.process.pid = "00000000"
security_result.severity = "MEDIUM"
security_result.severity_details = "IP WARNING"

Parser Alerting

No alerting is built into this parser.

Rules

Coming Soon