Versions Compared

Old Version 6

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

compared with

New Version Current

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
typeflat

...

The tags beginning with network.vmware identify events generated by VMware.

Tag structure

The full tag must have four levels. The first two are fixed asnetwork.vmware. The third level identifies the type of event sent, and the fourth level identifies the subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

VMware AirWatch

network.vmware.airwatch.events

network.vmware.airwatch.events

VMware NSX Advanced Load Balancer (Avi Networks)

network.vmware.nsx_avi.generic_event

network.vmware.nsx_avi.generic_event

VMware NSX Controller

network.vmware.nsx_controller

network.vmware.nsx_controller

network.vmware.nsx_controller.falcon

network.vmware.nsx_controller.falcon

VMware NSX Edge

network.vmware.nsx_edge

network.vmware.nsx_edge

network.vmware.nsx_edge.datapathd

network.vmware.nsx_edge.datapathd

network.vmware.nsx_edge.integrity_checker

network.vmware.nsx_edge.integrity_checker

VMware NSX SHA

network.vmware.nsx_edge.nsx_sha

network.vmware.nsx_edge.nsx_sha

VMware NSX Manager

network.vmware.nsx_manager

network.vmware.nsx_manager

network.vmware.nsx_manager.appl_proxy

network.vmware.nsx_manager.appl_proxy

network.vmware.nsx_manager.ccp

network.vmware.nsx_manager.ccp

network.vmware.nsx_manager.node_mgmt

network.vmware.nsx_manager.node_mgmt

network.vmware.nsx_manager.nsx_sha

network.vmware.nsx_manager.nsx_sha

VMware NSX’s other events

network.vmware.nsx_other

network.vmware.nsx_other

VMware Unified Access Gateway

network.vmware.uag.events

network.vmware.uag.events

For more information, read more About Devo tags.

Table structure

These are the fields displayed in these tables:

...

Rw tab
title1-5

...

How is the data sent to Devo?

Logs must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below:

network.vmware.nsx_controller.falcon

  • Source port - Any available port

  • Target tag - network.vmware.nsx_controller.falcon

  • Source message - comp=\"nsx-controller\" subcomp=\"falcon\"

  • Stop processing -

network.vmware.nsx_

...

edge.

...

network.vmware.nsx_controller

datapathd

  • Source port - Any available port

  • Target tag - network.vmware.nsx_

...

  • edge.datapathd

  • Source message - comp=\"nsx-edge\" subcomp=\"datapathd\"

  • Stop processing -

network.vmware.nsx_edge

...

-integrity_checker

  • Source port - Any available port

  • Target tag - network.vmware.

...

Field

...

Type

  • nsx_edge-integrity_checker

  • Source message - comp=\"nsx-edge\" subcomp=\"integrity-checker\"

  • Stop processing -

network.vmware.nsx_manager.appl_proxy

  • Source port - Any available port

  • Target tag - network.vmware.nsx_manager.appl_proxy

  • Source message - comp=\"nsx-manager\" subcomp=\"appl-proxy\"

  • Stop processing -

network.vmware.nsx_manager.ccp

  • Source port - Any available port

  • Target tag - network.vmware.nsx_manager.ccp

  • Source message - comp=\"nsx-manager\" subcomp=\"ccp\"

  • Stop processing -

network.vmware.nsx_manager.node_mgmt

  • Source port - Any available port

  • Target tag - network.vmware.nsx_manager.node_mgmt

  • Source message - comp=\"nsx-manager\" subcomp=\"node-mgmt\"

  • Stop processing -

network.vmware.nsx_manager.nsx_sha

  • Source port - Any available port

  • Target tag - network.vmware.nsx_manager.nsx_sha

  • Source message - .comp=\"nsx-manager\" subcomp=\"nsx-sha\"

  • Stop processing -

network.vmware.nsx_other

  • Source port - Any available port

  • Target tag - network.vmware.nsx_other

  • Source message - comp=\"nsx-

  • Stop processing -

Table structure

These are the fields displayed in these tables:

str
Rw ui tabs macro
Rw tab
title1-5

Anchor
tag1
tag1
network.vmware.airwatch.events

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

event_type

str

 

event

str

 

user

str

 

event_source

str

 

event_module

str

 

event_category

str

 

event_data

str

 

event_timestamp

str

 

hostchain

str

 

tag

str

 

rawMessage

str

Anchor
tag2
tag2
network.vmware.nsx_avi.generic_event

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

host

str

 

vhost

event

service_

type

name

str

 

 

event

log_level

str

 

 

user

resource_name

str

 

event_source

event_category

str

 

event_data

 

reason

str

 

event_module

str

 

 

timestamp

timestamp

Code Block
parsedate(timestamp_tmp, dateformat("YYYY-MM-DD HH:mm:ssZZ", "UTC"))

timestamp_tmp

event_type

str

 

 

event_

timestamp

subtype

str

 

 

hostchain

object_name

str

 

 

tag

tenant_name

str

 

 

rawMessage

username

str

anchor

 

tag2tag2network.vmware.nsx_avi.generic_event

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp 

process_name

str

 

 

hostpid

str

 

vhost 

serviceuser_nameip

strip4

 

 

logserver_levelip

strip4

 

 

resourceserver_internal_nameip

strip4

 

 reason

server_port

str

 

 

timestamp

timestamp

Code Block
parsedate(timestamp_tmp, dateformat("YYYY-MM-DD HH:mm:ssZZ", "UTC"))

timestamp_tmp

event_type

strvip_ip

ip4

 

 

avg_uptime

float8

 

 

eventhit_subtypethreshold

strfloat8

 

 

object_namemessage

str

 

 

tenant_namehostchain

str

 

 

usernametag

str

 

 

process_namerawMessage

str

 

 

pid

str

 

 

user_ip

ip4

 

 

server_ip

ip4

 

 

server_internal_ip

ip4

 

 

server_port

 

Anchor
tag3
tag3
network.vmware.nsx_controller

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

subtype

str

vsubtype

proc_id

str

 

msg_id

str

 

 

vip

sd_

ip 

id

ip4

str

 

avg_uptime

component

float8 

str

 

subcomponent

str

 

hit_threshold

float8

severity

str

 

message

str

 

transaction_id

str

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor

tag3

tag4

tag3

tag4
network.vmware.nsx_controller.falcon

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

subtype

str

vsubtype

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

severity

str

 

message

str

 

transaction_id

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor

tag4

tag5

tag4

tag5
network.vmware.nsx_

controller.falcon

edge

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

host

str

vhost

subtype

str

vhost

vsubtype

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

user_name

str

 

severity

str

 

s2comp

str

 

message

str

 

action

str

 

reason

str

 

transaction_id

name

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchortag5tag5

str

 

rawMessage

str

 

Rw tab
title6-10

Anchor
tag6
tag6
network.vmware.nsx_edge.datapathd

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

subtype

str

vsubtype

proc_id

str

 

msg

_id

str

 

sd

_id

str

 

component

str

 

subcomponent

str

 

user_name

str

 

severity

str

 

s2comp

sd_id

str

 

message

component

str

 

action

subcomponent

str

 

reason

s2comp

str

 

name

severity

str

 

hostchain

message

str

 

tag

name

str

 

rawMessage

vrf_id

str

 

UUID

rw-tab

str

title6-10
Anchortag6tag6network.vmware.nsx_edge.datapathd

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

s2comp

str

 

severity

str

 

message

str

 

name

str

 

vrf_id

str

 

UUID

str

 

adress_family

str

 

reason

str

 

action

str

 

rule_id

str

 

direction

str

 

packet_lenght

str

 

protocol_number

str

 

protocol

str

 

source_ip_port

str

 

destination_ip_port

str

 

TCP_flags 

adress_family

str

 

reason

str

 

action

str

 

rule_id

str

 

direction

str

 

packet_lenght

str

 

protocol_number

str

 

protocol

str

 

source_ip_port

str

 

destination_ip_port

str

 

TCP_flags

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor
tag7
tag7
network.vmware.nsx_edge.integrity_checker

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

user_name

str

 

severity

str

 

message

str

 

action

str

 

reason

str

 

name

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor

tag7

tag75

tag7

tag75
network.vmware.nsx_

edge

esx.

integrity

nsx_

checker

sha

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

user_name

str

 

severity

str

 

s2comp

str

 

message

str

 

action

repeats_number

str

 

reason

repeats_in

str

 

name

message_body

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor
tag8
tag8
network.vmware.nsx_manager

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

subtype

str

vsubtype

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

user_name

str

 

severity

str

 

s2comp

str

 

tid

str

 

message

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor
tag9
tag9
network.vmware.nsx_manager.appl_proxy

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

user_name

str

 

severity

str

 

s2comp

str

 

tid

str

 

message

str

 

forwarding_engine

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor
tag10
tag10
network.vmware.nsx_manager.ccp

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

user_name

str

 

severity

str

 

s2comp

str

 

message

str

 

transport_node

str

 

transaction

str

 

received_from

str

 

items_size

str

 

full_sync

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Rw tab
title11-14

Anchor
tag11
tag11
network.vmware.nsx_manager.node_mgmt

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

user_name

str

 

severity

str

 

s2comp

str

 

message

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor
tag12
tag12
network.vmware.nsx_manager.nsx_sha

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

proc_id

str

 

msg_id

str

 

sd_id

str

 

component

str

 

subcomponent

str

 

user_name

str

 

severity

str

 

s2comp

str

 

message

str

 

repeats_number

str

 

repeats_in

str

 

message_body

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor
tag13
tag13
network.vmware.nsx_other

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

subtype

str

vsubtype

message

str

rawMessage

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor
tag14
tag14
network.vmware.uag.events

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

host

str

vhost

type

str

 

action

str

 

srcDate

timestamp

 

id

str

 

device

str

 

srcIp

str

 

src

str

 

dstIp

str

 

dstPort

str

 

dst

str

 

node

str

 

arguments

str

 

runtime

str

 

procedure

str

 

errorCode

str

 

profile

str

 

authChain

str

 

language

str

 

skin

str

 

target

str

 

identity

str

 

reason

str

 

authUser

str

 

effectiveUser

str

 

OTPLogin

str

 

message

str

 

rawMessage

str

 

hostchain

str

 

tag

str