
Tripp Lite

tripp_lite

About

Tripp Lite allows you to use your Console Server to securely monitor, access and control the computers, networking devices, telecommunications equipment, power supplies and operating environment in your data center, branch office or communications room.

Product Details

Vendor URL: Tripp Lite

Product Type: Network Switch

Product Tier: Tier III

Integration Method: Syslog

Parser Details

Log Format: Syslog

Expected Normalization Rate: 100%

Data Label: TRIPP_LITE

UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
| --- | --- |
| action | security_result.action_details |
| description | security_result.description |
| DPT | target.port |
| DST | target.ip |
| Eaton | metadata.vendor_name |
| event_type | metadata.event_type |
| MAC | principal.mac |
| MAC | target.mac |
| observer | observer.hostname |
| pid | principal.process.pid |
| product_event | product_event_type |
| PROTO | network.ip_protocol |
| severity | security_result.severity_details |
| severity | security_result.severity |
| software | principal.asset.software.name |
| SPT | principal.port |
| SRC | principal.ip |
| swVersion | principal.asset.software.version |
| target_url | target.url |
| Tripp Lite | metadata.product_name |
| x-pid | principal.process.pid |

Product Event Types

| Event | UDM Event Classification |
| --- | --- |
| General | GENERIC_EVENT |
| Network Connection | NETWORK_CONNECTION |

Log Sample

<4>Oct 16 15:44:31 HOST-NAME kernel: [123456.123456] Iptables: Block: IN=eth1 OUT= MAC=00:00:00:00:00:4f:cc:00:00:00:00:d1:00:00 SRC=10.10.0.000 DST=10.00.100.000 LEN=00 TOS=0x00 PREC=0x00 TTL=00 ID=1000 PROTO=UDP SPT=10000 DPT=2000 LEN=0

Sample Parsing

metadata.event_type = "NETWORK_CONNECTION"
metadata.log_type = "TRIPP_LITE"
metadata.product_event_type = "kernel"
metadata.product_name = "TrippLite"
metadata.vendor_name = "Eaton"
network.ip_protocol = "UDP"
observer.hostname = "HOST-NAME"
principal.ip = "10.10.0.000"
principal.mac = "00:00:00:00:00:4f"
principal.process.pid = 1000
principal.port = 10000
target.ip = "10.00.100.000"
target.mac = "cc:00:00:00:00:d1"
target.port = 2000
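
The mapping from the log sample to the network fields above can be checked offline with a short script. This is an added example, not the vendor's or the platform's parser: parse_tripp_lite, the regular expressions and the rule used to pick the event type are assumptions, and the process ID is left out because the page does not say which log token it comes from.

```python
import re

# Constructed input: the log sample from this page, unchanged.
SAMPLE = ("<4>Oct 16 15:44:31 HOST-NAME kernel: [123456.123456] Iptables: Block: "
          "IN=eth1 OUT= MAC=00:00:00:00:00:4f:cc:00:00:00:00:d1:00:00 "
          "SRC=10.10.0.000 DST=10.00.100.000 LEN=00 TOS=0x00 PREC=0x00 TTL=00 "
          "ID=1000 PROTO=UDP SPT=10000 DPT=2000 LEN=0")

# <PRI>Mon DD HH:MM:SS host tag[pid]: message
HEADER = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} [\d:]{8}) "
                    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
KV = re.compile(r"(\w+)=(\S*)")


def parse_tripp_lite(line):
    """Map one syslog line to UDM fields from the table (hypothetical helper)."""
    m = HEADER.match(line.strip())
    if m is None:
        return None  # not syslog in the expected shape; count these as parse failures
    udm = {
        "metadata.log_type": "TRIPP_LITE",
        "metadata.vendor_name": "Eaton",
        "metadata.product_name": "TrippLite",
        "metadata.product_event_type": m["tag"],
        "observer.hostname": m["host"],
    }
    kv = {}
    for key, value in KV.findall(m["msg"]):
        kv.setdefault(key, value)  # LEN appears twice; keep the first occurrence
    for src, dst in (("SRC", "principal.ip"), ("DST", "target.ip"),
                     ("PROTO", "network.ip_protocol")):
        if kv.get(src):
            udm[dst] = kv[src]
    for src, dst in (("SPT", "principal.port"), ("DPT", "target.port")):
        if kv.get(src, "").isdigit():
            udm[dst] = int(kv[src])
    # The kernel LOG target prints the Ethernet header: destination, source, EtherType.
    # The split below reproduces the page's sample output: first six octets, next six.
    octets = kv.get("MAC", "").split(":")
    if len(octets) >= 12:
        udm["principal.mac"] = ":".join(octets[:6])
        udm["target.mac"] = ":".join(octets[6:12])
    # Assumption: both endpoints present means NETWORK_CONNECTION, otherwise GENERIC_EVENT.
    both = "principal.ip" in udm and "target.ip" in udm
    udm["metadata.event_type"] = "NETWORK_CONNECTION" if both else "GENERIC_EVENT"
    return udm
```

Lines for which the function returns None are the ones to track when comparing an ingestion pipeline against the expected normalization rate.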

Rules

Coming Soon