NetApp
About
NetApp, Inc. is an American hybrid cloud data services and data management company headquartered in Sunnyvale, California. It has ranked in the Fortune 500 since 2012. Founded in 1992 with an IPO in 1995, NetApp offers cloud data services for management of applications and data both online and physically.
NetApp® AFF SAN storage provides access to your critical data during both planned and unplanned events. Perform planned maintenance and upgrades with data services intact. And prevent business disruptions due to ransomware attacks, storage and fabric failures, application errors and site disasters.
Product Details
Vendor URL: NetApp | Cloud Storage Services
Product Type: SAN
Product Tier: Tier II
Integration Method: Syslog
Integration URL: How To Setup Logging Events to a Syslog Server
Log Guide: NetApp Log Guide
Parser Details
Log Format: Syslog
Expected Normalization Rate: 75%
Data Label: NETAPP_SAN
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
vendor | metadata.vendor_name |
product | metadata.product_name |
product_event | metadata.product_event_type |
GENERIC_EVENT/NETWORK_CONNECTION | metadata.event_type |
log_data | metadata.description |
observer | principal.hostname |
application | principal.application |
src_port | principal.port |
dst_port | target.port |
wth_error | security_result.description |
dst_vol | target.file.full_path |
src_vol | src.file.full_path |
src | principal.hostname |
src | principal.ip |
dst | target.hostname |
dst | target.ip |
dhost | target.hostname |
dhost | target.ip |
shost | principal.hostname |
shost | principal.ip |
suser | principal.user.userid |
job_id | additional.fields |
observer | observer.hostname |
observer | observer.ip |
ALLOW/BLOCK | security_result.action |
LOW/MEDIUM/HIGH | security_result.severity |
severity | security_result.summary |
Product Event Types
type,subtype | severity | UDM Event Classification | alerting enabled |
---|---|---|---|
Default | | GENERIC_EVENT | |
Connection | | NETWORK_CONNECTION | |
Log Sample
<9>Dec 1 15:30:00 [hostname1:mgmt.alert.schd.trans.fail:ALERT]: Scheduled transfer from source volume 'hostname1://host/host_root' to destination volume(s) 'hostname2://host/host_root_ls1,host_root_ls2' failed with error 'Volume hostname2://host/host_root_ls1,host_root_ls2 is not initialized.'. Job ID 25707.
Sample Parsing
metadata.event_timestamp = "2021-12-01T15:30:00Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "NETAPP"
metadata.product_name = "SAN"
metadata.product_event_type = "mgmt.alert.schd.trans.fail"
metadata.description = "Scheduled transfer from source volume 'hostname1://host/host_root' to destination volume(s) 'hostname2://host/host_root_ls1,host_root_ls2' failed with error 'Volume hostname2://host/host_root_ls1,host_root_ls2 is not initialized.'. Job ID 25707."
metadata.ingested_timestamp = "2021-12-01T15:30:08.393605Z"
additional.Job ID = "25707"
principal.hostname = "hostname1"
principal.namespace = "domain"
principal.asset.hostname = "hostname2"
src.file.full_path = "hostname1://host/host_root"
src.namespace = "domain"
target.file.full_path = "hostname2://host/host_root_ls1,host_root_ls2"
target.namespace = "domain"
observer.hostname = "hostname1"
observer.namespace = "domain"
security_result.summary = "ALERT"
security_result.description = "Volume hostname2://host/host_root_ls1,host_root_ls2 is not initialized."
security_result.action = "BLOCK"
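The following Python is an added example, not the parser this page documents: it applies the field mapping above to the log sample and returns the UDM fields as a flat dictionary. The function name `parse_netapp`, the regular expressions, the caller-supplied `year` and the UTC assumption are this example's own; the rules behind `security_result.action` and `security_result.severity` are not stated on the page and are left out.

```python
import re
from datetime import datetime

# Constructed input: the line from the page's Log Sample section.
SAMPLE = (
    "<9>Dec 1 15:30:00 [hostname1:mgmt.alert.schd.trans.fail:ALERT]: "
    "Scheduled transfer from source volume 'hostname1://host/host_root' "
    "to destination volume(s) 'hostname2://host/host_root_ls1,host_root_ls2' "
    "failed with error 'Volume hostname2://host/host_root_ls1,host_root_ls2 "
    "is not initialized.'. Job ID 25707."
)

# <pri>timestamp [observer:product_event:severity]: log_data
HEADER = re.compile(
    r"^<\d{1,3}>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<observer>[^:\]]+):(?P<product_event>[^:\]]+):(?P<severity>[^:\]]+)\]: "
    r"(?P<log_data>.*)$", re.S)
# Body of the scheduled-transfer failure message shown in the sample.
TRANSFER = re.compile(
    r"from source volume '(?P<src_vol>[^']*)' to destination volume\(s\) "
    r"'(?P<dst_vol>[^']*)' failed with error '(?P<wth_error>.*)'\. "
    r"Job ID (?P<job_id>\d+)")

def parse_netapp(line, year):
    """Return a flat dict of UDM fields, or None if the header does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None  # unparsed line; count these to track the normalization rate
    # The syslog header carries no year or zone: year is supplied, UTC is assumed.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    udm = {
        "metadata.event_timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "metadata.event_type": "GENERIC_EVENT",  # the table's Default class
        "metadata.vendor_name": "NETAPP",
        "metadata.product_name": "SAN",
        "metadata.product_event_type": m["product_event"],
        "metadata.description": m["log_data"],
        "principal.hostname": m["observer"],
        "observer.hostname": m["observer"],
        "security_result.summary": m["severity"],
    }
    t = TRANSFER.search(m["log_data"])
    if t:  # only transfer-failure messages carry volumes, error text and job id
        udm.update({
            "src.file.full_path": t["src_vol"],
            "target.file.full_path": t["dst_vol"],
            "security_result.description": t["wth_error"],
            "additional.Job ID": t["job_id"],
        })
    return udm
```

Lines that return `None` or lack the transfer fields are the ones to review when the observed normalization rate falls below the expected figure.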
Parser Alerting
This product currently does not have any Parser-based Alerting.