NetApp

About

NetApp, Inc. is an American hybrid cloud data services and data management company headquartered in Sunnyvale, California. It has ranked in the Fortune 500 since 2012. Founded in 1992 with an IPO in 1995, NetApp offers cloud data services for management of applications and data both online and physically.

NetApp® AFF SAN storage provides access to your critical data during both planned and unplanned events. Perform planned maintenance and upgrades with data services intact. And prevent business disruptions due to ransomware attacks, storage and fabric failures, application errors and site disasters.

Product Details

Vendor URL: NetApp | Cloud Storage Services

Product Type: SAN

Product Tier: Tier II

Integration Method: Syslog

Integration URL: How To Setup Logging Events to a Syslog Server

Log Guide: NetApp Log Guide

Parser Details

Log Format: Syslog

Expected Normalization Rate: 75%

Data Label: NETAPP_SAN

UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
|---|---|
| vendor | metadata.vendor_name |
| product | metadata.product_name |
| product_event | metadata.product_event_type |
| GENERIC_EVENT/NETWORK_CONNECTION | metadata.event_type |
| log_data | metadata.description |
| observer | principal.hostname |
| application | principal.application |
| src_port | principal.port |
| dst_port | target.port |
| wth_error | security_result.description |
| dst_vol | target.file.full_path |
| src_vol | src.file.full_path |
| src | principal.hostname |
| src | principal.ip |
| dst | target.hostname |
| dst | target.ip |
| dhost | target.hostname |
| dhost | target.ip |
| shost | principal.hostname |
| shost | principal.ip |
| suser | principal.user.userid |
| job_id | additional.fields |
| observer | observer.hostname |
| observer | observer.ip |
| ALLOW/BLOCK | security_result.action |
| LOW/MEDIUM/HIGH | security_result.severity |
| severity | security_result.summary |

Product Event Types

| type,subtype | severity | UDM Event Classification | alerting enabled |
|---|---|---|---|
| Default | | GENERIC_EVENT | |
| Connection | | NETWORK_CONNECTION | |

Log Sample

<9>Dec  1 15:30:00 [hostname1:mgmt.alert.schd.trans.fail:ALERT]: Scheduled transfer from source volume 'hostname1://host/host_root' to destination volume(s) 'hostname2://host/host_root_ls1,host_root_ls2' failed with error 'Volume hostname2://host/host_root_ls1,host_root_ls2 is not initialized.'. Job ID 25707.

Sample Parsing

metadata.event_timestamp = "2021-12-01T15:30:00Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "NETAPP"
metadata.product_name = "SAN"
metadata.product_event_type = "mgmt.alert.schd.trans.fail"
metadata.description = "Scheduled transfer from source volume 'hostname1://host/host_root' to destination volume(s) 'hostname2://host/host_root_ls1,host_root_ls2' failed with error 'Volume hostname2://host/host_root_ls1,host_root_ls2 is not initialized.'. Job ID 25707."
metadata.ingested_timestamp = "2021-12-01T15:30:08.393605Z"
additional.Job ID = "25707"
principal.hostname = "hostname1"
principal.namespace = "domain"
principal.asset.hostname = "hostname2"
src.file.full_path = "hostname1://host/host_root"
src.namespace = "domain"
target.file.full_path = "hostname2://host/host_root_ls1,host_root_ls2"
target.namespace = "domain"
observer.hostname = "hostname1"
observer.namespace = "domain"
security_result.summary = "ALERT"
security_result.description = "Volume hostname2://host/host_root_ls1,host_root_ls2 is not initialized."
security_result.action = "BLOCK"
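
A minimal Python sketch of how the Log Sample above maps onto the listed UDM fields, added here as an illustration and not the platform's or vendor's actual parser. The regular expressions and the name `parse_netapp_san` are assumptions derived from the single sample line; timestamp, namespace and action fields are left out because the sample alone does not determine them.

```python
import re

# Header layout taken from the page's Log Sample:
#   <PRI>Mon DD HH:MM:SS [observer:product_event:SEVERITY]: message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<observer>[^:\]\s]+):(?P<event>[^:\]\s]+):(?P<severity>[A-Za-z]+)\]: "
    r"(?P<msg>.*)$"
)
# Message-level fields, keyed by the UDM field shown in Sample Parsing.
MESSAGE_FIELDS = {
    "src.file.full_path": re.compile(r"source volume '([^']*)'"),
    "target.file.full_path": re.compile(r"destination volume\(s\) '([^']*)'"),
    "security_result.description": re.compile(r"failed with error '([^']*)'"),
    "additional.Job ID": re.compile(r"Job ID (\d+)"),
}

def parse_netapp_san(line):
    """Return a flat dict of UDM fields, or None if the header does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None  # caller should count these: they lower the normalization rate
    event = {
        "metadata.vendor_name": "NETAPP",
        "metadata.product_name": "SAN",
        "metadata.event_type": "GENERIC_EVENT",  # the page's Default classification
        "metadata.product_event_type": m["event"],
        "metadata.description": m["msg"],
        "principal.hostname": m["observer"],
        "observer.hostname": m["observer"],
        "security_result.summary": m["severity"],
    }
    # Unknown message shapes still yield a GENERIC_EVENT with the raw description.
    for udm_field, pattern in MESSAGE_FIELDS.items():
        found = pattern.search(m["msg"])
        if found:
            event[udm_field] = found.group(1)
    return event

# The Log Sample from this page, embedded so the block runs offline.
SAMPLE = (
    "<9>Dec  1 15:30:00 [hostname1:mgmt.alert.schd.trans.fail:ALERT]: Scheduled "
    "transfer from source volume 'hostname1://host/host_root' to destination "
    "volume(s) 'hostname2://host/host_root_ls1,host_root_ls2' failed with error "
    "'Volume hostname2://host/host_root_ls1,host_root_ls2 is not initialized.'. "
    "Job ID 25707."
)
```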

Parser Alerting

This product currently does not have any Parser-based Alerting.

Rules

Coming Soon