network.riverbed

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

The tags beginning with network.riverbed identify events generated by Riverbed.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as network.riverbed. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables

Product / Service	Tags	Data tables
Riverbed SteelHead	`network.riverbed.steelhead.event`	`network.riverbed.steelhead.event`
Riverbed SteelCentral	`network.riverbed.steelcentral.audit`	`network.riverbed.steelcentral.audit`

For more information, read more About Devo tags.

How is the data sent to Devo?

Logs generated by Riverbed must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below:

Rule for `SteelCentral - Audit` events

Source port - Any available port
Source message - cascade-audit
Target tag - network.riverbed.steelcentral.audit
Sent without syslog tag - ✓
Stop processing - ✓

Rule for `SteelHead - Events` events

Source port - Any available port
Source message - ^[a-zA-Z]*\[\d+\]\:\s\[
Target tag - network.riverbed.steelhead.event
Sent without syslog tag - ✓
Stop processing - ✓

Rule for `SteelHead - Events (httpd)` events

Source port - Any available port
Source message - httpd:
Target tag - network.riverbed.steelhead.event
Sent without syslog tag - ✓
Stop processing - ✓

No 3rd-party mechanism is used. No collector is needed.

Table structure

These are the fields displayed in these tables:

network.riverbed.steelhead.event
network.riverbed.steelcentral.audit