Skip to content

VMware AVI Vantage

VMware AVI Vantage

About

Avi Vantage is a software-based solution that provides real-time analytics and elastic application delivery services. Avi Vantage optimizes core web functions, including SSL termination and load balancing. Avi Vantage runs on virtual machines (VMs) managed by VMware vCenter. When deployed into a vCenter-managed VMware cloud, Avi Vantage performs as a fully distributed, virtualized system consisting of the Avi Controller and Avi Service Engines each running as a VM.

Product Details

Vendor URL: VMware AVI Vantage

Product Type: Security Platform

Product Tier: Tier III

Integration Method: Syslog

Integration URL: Forward vCenter Server Appliance Log Files to Remote Syslog Server

Parser Details

Log Format: Syslog

Expected Normalization Rate: Near 100%

Data Label: VMWARE_AVI_VANTAGE

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
GENERIC_EVENT metadata.event_type
VMware metadata.vendor_name
AVI Vantage metadata.product_name
Event metadata.product_event_type
message metadata.description
source principal.hostname
user principal.user.userid
observer observer.hostname
targetip target.ip
observer observer.ip
status security_result.action_details

Product Event Types

Event UDM Event Classification
All events GENERIC_EVENT

Log Sample

<44>Apr 25 23:44:01 host Avi-Controller WARNING  [hostname: reason: Syslog for Config Events occured] At 2022-04-25 23:42:21+00:00 event CONFIG_UPDATE occurred on object hostname in tenant admin as Config hostname update status is success (performed by user user). 

Sample Parsing

metadata.event_timestamp: 2022-04-25 23:42:21+00:00
metadata.event_type: GENERIC_EVENT
metadata.vendor_name: "VMware"
metadata.product_name: "AVI Vantage"
metadata.product_event_type: "CONFIG_UPDATE"
metadata.description: "Config update status is (performed by user )"
principal.hostname: "hostname"
principal.user.userid: "user"
observer.hostname: "host"
security_result.action_details: "success"

Parser Alerting

This product currently does not have any Parser-based Alerting