Keysight Packet Broker¶
About¶
Keysight builds NPBs for performance, architecting them from the ground up to deliver 100% reliable data processing while performing out-of-band monitoring data filtration, deduplication, SSL decryption, and other processing-intensive functions.
Product Details¶
Vendor URL: Keysight
Product Type: Network Packet Broker
Product Tier: Tier III
Integration Method: Syslog
Integration URL: n/a
Log Guide: n/a
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: near 100%
Data Label: KEYSIGHT
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| description | metadata.description |
| "Keysight" | metadata.product_name |
| "Packet Broker" | metadata.vendor_name |
| version | metadata.product_version |
| static value | network.application_protocol |
| principal_ip | principal.ip |
| port | principal.port |
| principal_file | principal.file.full_path |
| command | principal.process.command_line |
| target_hostname | target.hostname |
| target_port | target.port |
| file | target.file.full_path |
| user | target.user.userid |
| url | target.url |
| error | security_result.description |
| status | security_result.summary |
Product Event Types¶
| type | UDM Event Classification | |
|---|---|---|
| All | GENERIC_EVENT |
Log Sample¶
<134>1 2023-05-15T16:19:41.166Z observer Vision E40 2841 - - 477 Successful standalone automatic backup up to curl --insecure --url url_string --user username --upload-file filename --ftp-create-dirs --progress-bar.
Sample Parsing¶
metadata.event_type = "GENERIC_EVENT"
metadata.product_name = "Packet Broker"
metadata.product_version = "Vision E40"
metadata.vendor_name = "Keysight"
metadata.description = "Successful standalone automatic backup"
principal.process.command_line = "curl --insecure --url url_string --user username --upload-file filename --ftp-create-dirs --progress-bar."
target.user.userid = "username"
target.url = "url_string"
target.file.full_path = "filename"
observer.hostname = "observer"