RabbitMQ
About
RabbitMQ is a reliable and mature messaging and streaming broker, which is easy to deploy on cloud environments, on-premises, and on your local machine.
Product Details
Vendor URL: RABBITMQ
Product Type: Monitoring
Product Tier: Tier II
Integration Method: Webhook
Log Guide: RabbitMQ Log Guide
Parser Details
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: RABBITMQ
UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
|---|---|
| container.id | metadata.product_log_id |
| docker.container.labels.com_docker_compose_config-hash | about.file.sha256 |
| docker.container.labels.com_docker_compose_project_config_files | about.file.names |
| docker.container.labels.com_docker_compose_project_working_dir | about.file.full_path |
| message.domain | observer.hostname |
| message.level | security_result.severity_details |
| message.level | security_result.severity |
| message.msg | security_result.summary |
| pid | principal.process.pid |
| principal | principal.ip |
| principal_port | principal.port |
| target | target.hostname |
| target | target.ip |
| target_port | target.port |
Product Event Types

| Event | UDM Event Classification |
|---|---|
| Generic | GENERIC_EVENT |
Log Sample
{"container":{"id":"12345678901234567890123456789","image":{"name":"rabbitmq_rabbit"},"name":"rabbit"},"cyderes_log_type":"RABBITMQ","docker":{"container":{"labels":{"com_docker_compose_config-hash":"a12b3c4d5e6f7e8ab123456789abcdefghi","com_docker_compose_container-number":"1","com_docker_compose_oneoff":"False","com_docker_compose_project":"rabbitmq","com_docker_compose_project_config_files":"docker-compose.yml","com_docker_compose_project_working_dir":"/srv/Docker/Docker/rabbitmq","com_docker_compose_service":"rabbit","com_docker_compose_version":"1.25.0","org_opencontainers_image_ref_name":"ubuntu","org_opencontainers_image_version":"22.04"}}},"message":"{\"time\":\"2024-03-08 15:10:10.658389+00:00\",\"level\":\"info\",\"msg\":\"connection \u003c0.10000.83\u003e (10.0.0.0:63149 -\u003e 0.0.0.0:5672) has a client-provided name: Scheduler\",\"domain\":\"rabbitmq.connection\",\"pid\":\"\u003c0.10000.83\u003e\"}","stream":"stdout"}
Sample Parsing
about.file.full_path = "/srv/Docker/Docker/rabbitmq"
about.file.names = "docker-compose.yml"
about.file.sha256 = "a12b3c4d5e6f7e8ab123456789abcdefghi"
metadata.base_labels.log_types = "RABBITMQ"
metadata.event_timestamp.seconds = 1709910610
metadata.event_timestamp.nanos = 658389000
metadata.event_type = "GENERIC_EVENT"
metadata.log_type = "RABBITMQ"
metadata.product_log_id = "12345678901234567890123456789"
metadata.product_name = "RabbitMQ"
metadata.product_version = "3.12.12"
metadata.vendor_name = "Broadcom"
observer.domain.name = "connection"
observer.hostname = "rabbitmq"
principal.ip = "10.0.0.0"
principal.port = 63149
principal.process.pid = "0.10000.83"
security_result.severity = "INFORMATIONAL"
security_result.severity_details = "info"
security_result.summary = "connection <0.10000.83> (10.0.0.0:63149 -> 0.0.0.0:5672) has a client-provided name: Scheduler"
target.ip = "0.0.0.0"
target.port = 5672
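The following is an added reference implementation of the mapping documented above, written for this page; it is not the production parser. It unwraps the Docker envelope, parses the RabbitMQ JSON message nested inside the `message` string, and emits the dotted UDM paths listed under Sample Parsing, using the page's own Log Sample as input. Two things are assumptions rather than facts from the page: the severity table for levels other than `info` (the page only confirms `info` maps to `INFORMATIONAL`), and the second, constructed warning line used to show what happens when a message carries no `src -> dst` pair. The `endpoint` helper decides between `target.ip` and `target.hostname`, since the table maps the same `target` field to both.

```python
"""Reference parser for the Docker-wrapped RabbitMQ JSON log shape on this page.
Added example, not the production parser: it reproduces the Log File Field ->
UDM Field table above and is checked against the Sample Parsing values."""
import ipaddress
import json
import re
from datetime import datetime

# Sample log line copied from this page's Log Sample section.
SAMPLE_LINE = r'''{"container":{"id":"12345678901234567890123456789","image":{"name":"rabbitmq_rabbit"},"name":"rabbit"},"cyderes_log_type":"RABBITMQ","docker":{"container":{"labels":{"com_docker_compose_config-hash":"a12b3c4d5e6f7e8ab123456789abcdefghi","com_docker_compose_container-number":"1","com_docker_compose_oneoff":"False","com_docker_compose_project":"rabbitmq","com_docker_compose_project_config_files":"docker-compose.yml","com_docker_compose_project_working_dir":"/srv/Docker/Docker/rabbitmq","com_docker_compose_service":"rabbit","com_docker_compose_version":"1.25.0","org_opencontainers_image_ref_name":"ubuntu","org_opencontainers_image_version":"22.04"}}},"message":"{\"time\":\"2024-03-08 15:10:10.658389+00:00\",\"level\":\"info\",\"msg\":\"connection \u003c0.10000.83\u003e (10.0.0.0:63149 -\u003e 0.0.0.0:5672) has a client-provided name: Scheduler\",\"domain\":\"rabbitmq.connection\",\"pid\":\"\u003c0.10000.83\u003e\"}","stream":"stdout"}'''

# Constructed second input (not from the page): a warning with no "src -> dst"
# pair, to show the parser degrading gracefully on non-connection messages.
CONSTRUCTED_WARNING = json.dumps({
    "container": {"id": "c0ffee", "image": {"name": "rabbitmq_rabbit"}, "name": "rabbit"},
    "cyderes_log_type": "RABBITMQ",
    "docker": {"container": {"labels": {}}},
    "message": json.dumps({
        "time": "2024-03-08 15:11:00.000001+00:00",
        "level": "warning",
        "msg": "memory resource limit alarm set on node rabbit@rabbit",
        "domain": "rabbitmq.default",
        "pid": "<0.300.0>",
    }),
    "stream": "stdout",
})

# Assumed extension of the page's info -> INFORMATIONAL rule to the other
# Erlang logger levels; only "info" is confirmed by the page's sample.
SEVERITY = {
    "debug": "INFORMATIONAL", "info": "INFORMATIONAL", "notice": "LOW",
    "warning": "MEDIUM", "error": "HIGH", "critical": "CRITICAL",
    "alert": "CRITICAL", "emergency": "CRITICAL",
}

# Compose labels the page maps onto about.file.*
LABEL_FIELDS = {
    "com_docker_compose_config-hash": "about.file.sha256",
    "com_docker_compose_project_config_files": "about.file.names",
    "com_docker_compose_project_working_dir": "about.file.full_path",
}

# "(src:port -> dst:port)" as written by rabbitmq.connection; IPv6 shows up as "[::1]:5672".
CONN_RE = re.compile(r"\((?P<src>\S+?):(?P<sport>\d+) -> (?P<dst>\S+?):(?P<dport>\d+)\)")


def endpoint(prefix, host, port):
    """The table maps 'target' to both target.hostname and target.ip, so the
    parser must choose: IP literals (brackets stripped) -> .ip, else .hostname."""
    host = host.strip("[]")
    try:
        ipaddress.ip_address(host)
        key = f"{prefix}.ip"
    except ValueError:
        key = f"{prefix}.hostname"
    return {key: host, f"{prefix}.port": int(port)}


def parse_rabbitmq_line(line):
    """Return a flat dict of dotted UDM paths, mirroring the Sample Parsing list."""
    outer = json.loads(line)
    inner = json.loads(outer["message"])  # RabbitMQ's own JSON log, nested as a string
    labels = outer.get("docker", {}).get("container", {}).get("labels", {})
    # RabbitMQ writes an explicit offset ("+00:00"); keep it, a naive time would be read as local.
    ts = datetime.fromisoformat(inner["time"])
    level = inner.get("level", "").lower()
    udm = {
        "metadata.log_type": "RABBITMQ",
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.product_name": "RabbitMQ",
        "metadata.vendor_name": "Broadcom",
        "metadata.product_log_id": outer["container"]["id"],
        "metadata.event_timestamp.seconds": int(ts.timestamp()),
        "metadata.event_timestamp.nanos": ts.microsecond * 1000,
        "security_result.summary": inner["msg"],
        "security_result.severity_details": level,
        "security_result.severity": SEVERITY.get(level, "UNKNOWN_SEVERITY"),
        "principal.process.pid": inner["pid"].strip("<>"),  # "<0.10000.83>" -> "0.10000.83"
    }
    for label, field in LABEL_FIELDS.items():
        if label in labels:
            udm[field] = labels[label]
    # "rabbitmq.connection" -> observer.hostname="rabbitmq", observer.domain.name="connection"
    host, _, domain = inner.get("domain", "").partition(".")
    if host:
        udm["observer.hostname"] = host
    if domain:
        udm["observer.domain.name"] = domain
    match = CONN_RE.search(inner["msg"])
    if match:  # only connection events carry a client (principal) and listener (target)
        udm.update(endpoint("principal", match["src"], match["sport"]))
        udm.update(endpoint("target", match["dst"], match["dport"]))
    return udm
```

Run `parse_rabbitmq_line(SAMPLE_LINE)` and compare against the Sample Parsing values above. Note that `target.ip` is `0.0.0.0` because RabbitMQ logs the listener's bind address, not a host, so the field of interest for detection (which clients are opening AMQP connections on 5672) is `principal.ip`; messages outside the `rabbitmq.connection` domain produce no principal or target endpoint at all.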