Gigamon¶
About¶
Gain the visibility and control you need to simplify workload deployments to the hybrid cloud. Extend your on-prem and cloud-based tools to maintain security and compliance, while applying context from network and application data for consistent observability. One unified visibility and analytics platform enables you to view, manage and scale your hybrid infrastructure, and accelerate your cloud migration.
Product Details¶
Vendor URL: Gigamon
Product Type: Network Management
Product Tier: Tier II
Integration Method: Custom
Integration URL: Gigamon
Log Guide: Sample Logs by Log Type
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: near 100%
Data Label: GIGAMON
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| alarmid | metadata.product_log_id |
| clusterid | principal.ip |
| clusterid | principal.resource.name |
| command | principal.process.command_line |
| connsumm | metadata.description |
| description | security_result.summary |
| eventtype | metadata.product_event_type |
| hostname | principal.hostname |
| principalip | principal.ip |
| principalpath | principal.process.file.full_path |
| principalpid | principal.process.pid |
| resourceId | principal.resource.id |
| severity | security_result.severity |
| sysloghost | observer.hostname |
| sysloghost | principal.hostname |
| tagCountry | principal.asset.location.country_or_region |
| targethost | target.hostname |
| targetip | target.ip |
| targetport | target.port |
| type | metadata.description |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| all others | NETWORK_FLOW |
| chronyd | GENERIC_EVENT |
| fmEvent | STATUS_UPDATE |
| httpd | NETWORK_HTTP, GENERIC_EVENT |
| licd | GENERIC_EVENT |
| mgmtd | GENERIC_EVENT |
| netdevd | STATUS_UPDATE |
| notf_mgr | NETWORK_FLOW |
| rediscd | NETWORK_FLOW |
| sched | GENERIC_EVENT |
| snmpd | GENERIC_EVENT |
| syshth | STATUS_UPDATE |
| ugwd | GENERIC_EVENT |
Log Sample¶
{'Message':'2021-11-19T18:00:00-08:00 -0800 hostname1 rediscd[1967]: IP address for this node updated to 10.10.1.204','tagCountry':'US'}
Sample Parsing¶
metadata.event_timestamp = "2021-11-20T02:00:00Z"
metadata.event_type = "NETWORK_FLOW"
metadata.vendor_name = "GIGAMON"
metadata.product_event_type = "rediscd"
metadata.description = "IP address for this node updated to 10.10.1.204"
metadata.ingested_timestamp = "2021-11-20T02:00:13.378800Z"
principal.hostname = "hostname1"
principal.asset.location.country_or_region = "US"
target.ip = "10.10.1.204"
target.asset.ip = "10.10.1.204"
observer.hostname = "hostname2"
Parser Alerting¶
This product currently does not have any Parser-based Alerting
Rules¶
Coming Soon