IBM Datapower

About
IBM DataPower Gateway helps you meet the security and integration needs of your digital business in a single multichannel gateway. It provides high security, control, integration and optimized access to a full range of mobile, web, app programming interface (API), service-oriented architecture (SOA), B2B and cloud workloads.
Product Details
Vendor URL: IBM Datapower
Product Type: Monitoring
Product Tier: Tier III
Integration Method: Custom
Integration URL: N/A
Log Guide: Sample Logs by Log Type
Parser Details
Log Format: Syslog
Expected Normalization Rate: near 100%
Data Label: IBM_DATAPOWER
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| b2bmsg | security_result.description |
| category | metadata.description |
| clientip | principal.ip |
| csv_column1 | principal.hostname |
| csv_column13 | security_result.about.file.full_path |
| csv_column14 | security_result.about.file.full_path |
| csv_column21 | security_result.rule_type |
| csv_column22 | security_result.rule_name |
| csv_column23 | network.tls.version |
| csv_column24 | network.tls.cipher |
| csv_column26 | network.http.referral_url |
| csv_column27 | network.tls.version |
| csv_column28 | network.tls.cipher |
| csv_column5 | principal.url |
| csv_column6 | network.http.referral_url |
| csv_column8 | principal.user.userid |
| domain | principal.administrative_domain |
| globaltransactionid | metadata.url_back_to_product |
| queryresult | additional.query_result |
| summary | security_result.summary |
| syslogdate | metadata.event_timestamp |
| syslogseverity | security_result.severity_details |
| system | metadata.product_event_type |
| transactionid | metadata.product_log_id |
Product Event Types
| Event | UDM Event Classification |
|---|---|
| all events | GENERIC_EVENT |
Log Sample
Hostname1 [Domain] [0x80e00107][mq][error] mq-qm(SERVICEBUS-SSL-PRIMARY): trans(11111): Queue Manager Error: 'Hostname2(4020)' 'Device'. Reason code - 1059
Sample Parsing
metadata.product_log_id = "11111"
metadata.event_timestamp = "2022-02-04T21:39:18Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "IBM"
metadata.product_name = "Datapower"
metadata.product_event_type = "mq-qm"
metadata.description = "SERVICEBUS-SSL-PRIMARY"
metadata.ingested_timestamp = "2022-02-04T18:44:15.826810Z"
additional.query_result = "0x80e00107"
principal.administrative_domain = "Domain"
observer.hostname = "Hostname1"
security_result.description = "Queue Manager Error: 'Hostname2(4020)' 'Device'. Reason code - 1059"
security_result.severity_details = "error"
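As an added illustration (not the product's parser code), the sketch below reproduces the message-derived fields of the Sample Parsing output from the Log Sample line and returns None for lines that do not fit, so unparsed events can be counted against the expected normalization rate. The line layout, the optional trans() part and the function name parse_datapower are assumptions inferred from the one sample line; the event timestamp is not handled because it does not appear in the sample line.

```python
import re

# Layout inferred from the single sample line on this page (an assumption,
# not a documented grammar):
#   host [domain] [0xcode][category][severity] type(object): trans(id): message
LINE_RE = re.compile(
    r"^(?P<host>\S+)\s+"
    r"\[(?P<domain>[^\]]*)\]\s+"
    r"\[(?P<code>0x[0-9a-fA-F]+)\]"
    r"\[(?P<category>[^\]]*)\]"      # captured but not emitted, as in the sample output
    r"\[(?P<severity>[^\]]*)\]\s+"
    r"(?P<system>[^\s(]+)\((?P<object>[^)]*)\):\s+"
    r"(?:trans\((?P<tid>\d+)\):\s+)?"  # assumption: trans(...) may be absent
    r"(?P<message>.*)$"
)

def parse_datapower(line):
    """Return a flat dict of UDM-style fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # caller should count these to track the normalization rate
    event = {
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.vendor_name": "IBM",
        "metadata.product_name": "Datapower",
        "metadata.product_event_type": m["system"],
        "metadata.description": m["object"],
        "additional.query_result": m["code"],
        "principal.administrative_domain": m["domain"],
        "observer.hostname": m["host"],
        "security_result.description": m["message"],
        "security_result.severity_details": m["severity"],
    }
    if m["tid"] is not None:
        event["metadata.product_log_id"] = m["tid"]
    return event

# The Log Sample line from this page.
SAMPLE = ("Hostname1 [Domain] [0x80e00107][mq][error] mq-qm(SERVICEBUS-SSL-PRIMARY): "
          "trans(11111): Queue Manager Error: 'Hostname2(4020)' 'Device'. Reason code - 1059")

if __name__ == "__main__":
    for key, value in sorted(parse_datapower(SAMPLE).items()):
        print(f'{key} = "{value}"')
```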
Parser Alerting
This product currently does not have any Parser-based Alerting.