VMware AVI Vantage
About
Avi Vantage is a software-based solution that provides real-time analytics and elastic application delivery services. Avi Vantage optimizes core web functions, including SSL termination and load balancing. Avi Vantage runs on virtual machines (VMs) managed by VMware vCenter. When deployed into a vCenter-managed VMware cloud, Avi Vantage performs as a fully distributed, virtualized system consisting of the Avi Controller and Avi Service Engines each running as a VM.
Product Details
Vendor URL: VMware AVI Vantage
Product Type: Security Platform
Product Tier: Tier III
Integration Method: Syslog
Integration URL: Forward vCenter Server Appliance Log Files to Remote Syslog Server
Parser Details
Log Format: Syslog
Expected Normalization Rate: Near 100%
Data Label: VMWARE_AVI_VANTAGE
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
GENERIC_EVENT | metadata.event_type |
VMware | metadata.vendor_name |
AVI Vantage | metadata.product_name |
Event | metadata.product_event_type |
message | metadata.description |
source | principal.hostname |
user | principal.user.userid |
observer | observer.hostname |
targetip | target.ip |
observer | observer.ip |
status | security_result.action_details |
Product Event Types
Event | UDM Event Classification |
---|---|
All events | GENERIC_EVENT |
Log Sample
<44>Apr 25 23:44:01 host Avi-Controller WARNING [hostname: reason: Syslog for Config Events occured] At 2022-04-25 23:42:21+00:00 event CONFIG_UPDATE occurred on object hostname in tenant admin as Config hostname update status is success (performed by user user).
Sample Parsing
metadata.event_timestamp: 2022-04-25 23:42:21+00:00
metadata.event_type: GENERIC_EVENT
metadata.vendor_name: "VMware"
metadata.product_name: "AVI Vantage"
metadata.product_event_type: "CONFIG_UPDATE"
metadata.description: "Config update status is (performed by user )"
principal.hostname: "hostname"
principal.user.userid: "user"
observer.hostname: "host"
security_result.action_details: "success"
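The mapping from the log sample to the UDM fields above can be reproduced with a short script. This is an added example, not the product's own parser: the regular expressions are inferred from the single sample line on this page, the function name `parse_avi_line` is hypothetical, and taking `principal.hostname` from the name inside the square brackets is an assumption.

```python
import re

# The log sample shown on this page.
SAMPLE = ("<44>Apr 25 23:44:01 host Avi-Controller WARNING [hostname: reason: "
          "Syslog for Config Events occured] At 2022-04-25 23:42:21+00:00 event "
          "CONFIG_UPDATE occurred on object hostname in tenant admin as Config "
          "hostname update status is success (performed by user user).")

# Layout inferred from that one sample; other Avi event layouts are not covered.
LINE_RE = re.compile(
    r"^<\d{1,3}>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} "
    r"(?P<observer>\S+) Avi-Controller (?P<severity>[A-Z]+) "
    r"\[(?P<source>[^:\]]+):[^\]]*\] "
    r"At (?P<event_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}) "
    r"event (?P<event>[A-Z0-9_]+) occurred on object (?P<object>\S+) "
    r"in tenant (?P<tenant>\S+) as (?P<message>.*)$"
)
STATUS_RE = re.compile(r"\bstatus is (?P<status>\w+)")
USER_RE = re.compile(r"\(performed by user (?P<user>[^)\s]+)\)")


def parse_avi_line(line):
    """Map one syslog line to a flat {UDM field: value} dict, or None if unparsed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # caller should count these; they lower the normalization rate
    udm = {
        "metadata.event_timestamp": m["event_ts"],
        "metadata.event_type": "GENERIC_EVENT",  # every event, per the table above
        "metadata.vendor_name": "VMware",
        "metadata.product_name": "AVI Vantage",
        "metadata.product_event_type": m["event"],
        "metadata.description": m["message"],  # kept verbatim here
        "principal.hostname": m["source"],  # assumption: name inside the brackets
        "observer.hostname": m["observer"],
    }
    # Optional fields: set only when the message text carries them.
    status = STATUS_RE.search(m["message"])
    if status:
        udm["security_result.action_details"] = status["status"]
    user = USER_RE.search(m["message"])
    if user:
        udm["principal.user.userid"] = user["user"]
    return udm


if __name__ == "__main__":
    for field, value in parse_avi_line(SAMPLE).items():
        print(f"{field}: {value}")
```

Lines that return `None` are worth counting per source, since a rise in unparsed Avi-Controller messages means config-change events are reaching the SIEM without usable fields.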
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon