Skip to content

NetMotion Mobility

NetMotion Mobility


NetMotion Mobility is a standards-compliant, client/server-based software that securely extends the enterprise network to the mobile environment. It is a mobile VPN software that maximizes mobile field worker productivity by maintaining and securing their data connections as they move in and out of wireless coverage areas and roam between networks. Designed specifically for wireless environments, Mobility provides IT managers with the security and centralized control needed to effectively manage a mobile deployment. Mobility complements existing IT systems, is highly scalable, and easy to deploy and maintain.

Product Details

Vendor URL: NetMotion Mobility

Product Type: VPN

Product Tier: Tier III

Integration Method: Syslog

Integration URL: Logging Mobility Events to a Syslog Server

Log Guide: Log Data Field Reference

Parser Details

Log Format: CEF

Expected Normalization Rate: 90-100%


UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
sourcetype metadata.description
prot network.ip_protocol
rx network.received_bytes
tx network.sent_bytes
app_fname principal.application
d_man principal.asset.hardware.manufacturer
d_mod principal.asset.hardware.model
lat principal.asset.location.region_coordinates.latitude
lon principal.asset.location.region_coordinates.longitude
m_pid principal.asset.product_object_id
d_name principal.hostname
src_ip principal.ip
mac principal.mac
service_port principal.port
src_port principal.port
app_path principal.process.file.full_path
app_name principal.process.file.names
m_user_group principal.user.group_identifiers
m_user principal.user.userid
message security_result.description
sev security_result.severity
alert_type security_result.summary
dest_name target.hostname
dest_ip target.ip
dest_port target.port
service_port target.port

Product Event Types

Event UDM Event Classification
All other events GENERIC_EVENT
nm_app_dest_survey NETWORK_CONNECTION
nm_device_survey STATUS_HEARTBEAT

Log Sample

<134>Mar 23 21:22:37 observer nmreporting[1234]: sourcetype="nm_app_flow" app_fname="My Application" app_name="APPLICATION.EXE" app_path="C:\\Program Files (x86)\\My Application\\APPLICATION.EXE" app_procid="1234" app_ver="1.0.0" d_auth_id="" d_group="MyGroup" d_man="Manufacturer Name" d_mod="Device Model" d_name="hostname" dest_cat="5" dest_cat_desc="Computer and internet info" dest_ip="" dest_name="" dest_port="443" dest_rep="4000" dest_rep_desc="Low risk" event="Close" m_pid="12345678910" m_user="johndoe" m_user_group="Users" m_ver="12.34.5678" osver="1.01.1" out_tnl="1" plat="Windows" prot="TCP" rx="16505" src_ip="" src_port="57478" tx="24158"

Sample Parsing

metadata.description = "Application flows"
metadata.event_timestamp = "2023-03-23T16:22:37Z"
metadata.event_type = "NETWORK_CONNECTION"
metadata.product_name = "NetMotion Mobility"
metadata.vendor_name = "Absolute Software"
network.ip_protocol = "TCP"
network.received_bytes = 16505
network.sent_bytes = 24158
observer.hostname = "observer"
principal.application = "My Application"
principal.asset.hardware.manufacturer = "Manufacturer Name"
principal.asset.hardware.model = "Device Model"
principal.product_object_id = "12345678910" = "My Application" = "1.0.0"
principal.hostname = "hostname"
principal.ip = ""
principal.port = 57478
principal.process.file.full_path = "C:\\\\Program Files (x86)\\\\My Application\\\\APPLICATION.EXE"
principal.process.file.names = "APPLICATION.EXE" = "1234"
principal.user.group_identifiers = "Users"
principal.user.userid = "johndoe"
target.hostname = ""
target.ip = ""
target.port = 443


Coming Soon