Skip to content




NetApp, Inc. is an American hybrid cloud data services and data management company headquartered in Sunnyvale, California. It has ranked in the Fortune 500 since 2012. Founded in 1992 with an IPO in 1995, NetApp offers cloud data services for management of applications and data both online and physically.

ONTAP creates a storage infrastructure that reduces costs, accelerates critical workloads, and protects and secures data across hybrid multiclouds.

Product Details

Vendor URL: NetApp | Cloud Storage Services

Product Type: Data Management

Product Tier: Tier II

Integration Method: Syslog

Integration URL: How To Setup Logging Events to a Syslog Server

Log Guide: NetApp Log Guide

Parser Details

Log Format: Syslog

Expected Normalization Rate: near 100%


UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
Statically defined extensions.auth.mechanism
Statically defined metadata.vendor_name
Statically defined metadata.product_name
msg metadata.product_event_type
section1 metadata.product_log_id
description metadata.description
hostip observer.hostname
Statically defined network.application_protocol
application principal.application
phost principal.hostname
pr_ip principal.ip
pr_port principal.port
section5 principal.process.command_line
target target.hostname
ip target.ip
port target.port
username target.user.userid
action security_result.action_details
Statically defined security_result.severity
severity security_result.severity_details
operation security_result.description
error security_result.summary

Product Event Types

Type,subtype Description UDM Event Classification
Default All other events GENERIC_EVENT

Log Sample

<5>Jul 29 12:11:18 hostname [target_host: sshd.auth.loginDenied:notice]: message="Failed password   for invalid user username from port 58059 ssh2  "

Sample Parsing

metadata.event_timestamp = "1659096678"
metadata.event_type = "USER_LOGIN"
metadata.vendor_name = "NETAPP"
metadata.product_name = "ONTAP"
metadata.product_event_type = "sshd.auth.loginDenied"
metadata.description = "Failed password for invalid user"
principal.ip = ""
principal.port = 58059
target.hostname = "target-host"
target.user_userid = "username"
observer.hostname = "hostname"
security_result.severity = "INFORMATIONAL"
security_result.severity_details = "notice"
network.application_protocol = "SSH"
extension.auth.mechanism = "MECHANISM_UNSPECIFIED"

Parser Alerting

This product currently does not have any Parser-based Alerting


Coming Soon