Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#12185-1/2/3/4 4 new event types for Aruba (SSH Server/Client, Smartlink and SNMP) #12190

Open
wants to merge 2 commits into
base: feature-5255-aruba
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 36 additions & 25 deletions packages/hpe_aruba_cx/_dev/build/docs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -1054,33 +1054,44 @@ Note: Descriptions have not been filled out
| aruba.sflow.port_name | | | server.port |
| aruba.sflow.unit | | | aruba.unit |

#### [SFTP Client events](https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/events/SFTP_CLIENT.htm)
| Field | Description | Type | Common |
|----------------------|-------------|------|------------------------------|
| aruba.sftp.from | | | source.address |
| aruba.sftp.status | | | aruba.status |
| aruba.sftp.to | | | destination.address |

#### [SNMP events](https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/events/SNMP.htm)
| Field | Description | Type | Common |
|---------------------------|-------------|------|------------------------------|
| aruba.snmp.truth_value | | | |
| aruba.snmp.vrf | | | aruba.vrf.id |
#### [SFTP Client events](https://www.arubanetworks.com/techdocs/AOS-CX/10.15/HTML/elmrg/Content/events/SFTP_CLIENT.htm)
| Docs Field | Schema Mapping |
|------------|------------------------|
| `<from>` | source.address |
| `<status>` | aruba.status |
| `<to>` | destination.address |

#### [Smartlink events](https://www.arubanetworks.com/techdocs/AOS-CX/10.15/HTML/elmrg/Content/events/SMARTLINK.htm)
| Docs Field | Schema Mapping |
|------------|------------------------|
| `<id>` | group.id |
| `<id>` | network.vlan.id |
| `<ifName>` | aruba.interface.name |

#### [SNMP events](https://www.arubanetworks.com/techdocs/AOS-CX/10.15/HTML/elmrg/Content/events/SNMP.htm)
| Docs Field | Schema Mapping |
|---------------------|------------------------------|
| `<truth_value>` | aruba.snmp.truth_value |
| `<vrf>` | aruba.vrf.id |

#### [SSH server events](https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/events/SSH_SERVER.htm)
| Field | Description | Type | Common |
|---------------------------|-------------|------|------------------------------|
| aruba.ssh.key_name | | | |
| aruba.ssh.username | | | user.name |
| aruba.ssh.vrf_name | | | aruba.vrf.name |
#### [SSH client events](https://www.arubanetworks.com/techdocs/AOS-CX/10.15/HTML/elmrg/Content/events/SSH_CLIENT.htm)
| Docs Field | Schema Mapping |
|--------------|-----------------------|
| `<ipaddr>` | server.ip |
| `<port_num>` | server.port |
| `<username>` | user.name |
| `<vrf_name>` | aruba.vrf.name |

#### [SSH_CLIENT events](https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/events/SSH_CLIENT.htm)
| Field | Description | Type | Common |
|----------------------|-------------|------|------------------------------|
| aruba.ssh.ipaddr | | | server.ip |
| aruba.ssh.port_num | | | server.port |
| aruba.ssh.username | | | user.name |
| aruba.ssh.vrf_name | | | aruba.vrf.name |
#### [SSH server events](https://www.arubanetworks.com/techdocs/AOS-CX/10.15/HTML/elmrg/Content/events/SSH_SERVER.htm)
| Docs Field | Schema Mapping |
|------------------|-----------------------|
| `<ip_address>` | client.ip |
| `<key_name>` | aruba.ssh.key_name |
| `<mgmt_intf>` | aruba.interface.id |
| `<new_ip>` | aruba.ssh.new_ip |
| `<original_ip>` | client.ip |
| `<username>` | user.name |
| `<vrf_name>` | aruba.vrf.name |

#### [Supportability events](https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/events/SUPPORTABILITY.htm)
| Field | Description | Type | Common |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1057,6 +1057,9 @@
},
"sequence": "1"
},
"client": {
"ip": "127.0.0.1"
},
"ecs": {
"version": "8.11.0"
},
Expand All @@ -1077,7 +1080,10 @@
"message": "User satori logged in from 127.0.0.1 through SSH session.",
"tags": [
"preserve_original_event"
]
],
"user": {
"name": "satori"
}
},
{
"@timestamp": "2024-08-01T05:22:26.478775-04:00",
Expand All @@ -1091,6 +1097,9 @@
},
"sequence": "1"
},
"client": {
"ip": "127.0.0.1"
},
"ecs": {
"version": "8.11.0"
},
Expand All @@ -1111,7 +1120,10 @@
"message": "User oxidized logged out of SSH session from 127.0.0.1.",
"tags": [
"preserve_original_event"
]
],
"user": {
"name": "oxidized"
}
},
{
"@timestamp": "2024-08-01T13:12:03.990790-04:00",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -394,6 +394,28 @@
2024-06-18T12:48:38.182641-05:00 8360-Primaire hpe-pim[1234]: Event|5124|LOG_INFO|PIM|-|Candidate RP 192.168.1.1 is configured on interface eth0
2024-06-18T12:49:38.182641-05:00 8360-Primaire hpe-pim[1234]: Event|5125|LOG_INFO|PIM|-|BFD Session created for neighbor 192.168.1.2 on interface eth0
2024-06-18T12:50:38.182641-05:00 8360-Primaire hpe-pim[1234]: Event|5126|LOG_INFO|PIM|-|BFD Session deleted for neighbor 192.168.1.2 on interface eth0
2024-06-18T12:45:38.182641-05:00 8360-Primaire sshd[1234]: Event|5201|LOG_INFO|SSHS|-|SSH host-key host_key_1 is installed.
2024-06-18T12:46:38.182641-05:00 8360-Primaire sshd[1234]: Event|5202|LOG_INFO|SSHS|-|SSH server is enabled on VRF vrf1.
2024-06-18T12:47:38.182641-05:00 8360-Primaire sshd[1234]: Event|5203|LOG_INFO|SSHS|-|SSH server is disabled on VRF vrf1.
2024-06-18T12:48:38.182641-05:00 8360-Primaire sshd[1234]: Event|5204|LOG_INFO|SSHS|-|SSH client-public-key key1 was installed for the user user1.
2024-06-18T12:49:38.182641-05:00 8360-Primaire sshd[1234]: Event|5205|LOG_INFO|SSHS|-|SSH client-public-key key1 was removed for the user user1.
2024-06-18T12:50:38.182641-05:00 8360-Primaire sshd[1234]: Event|5207|LOG_ERR|SSHS|-|An internal error occurred while reading the SSH host-key host_key_1.
2024-06-18T12:51:38.182641-05:00 8360-Primaire sshd[1234]: Event|5208|LOG_ERR|SSHS|-|Failed to enable SSH server on VRF vrf1. Admin password is not set.
2024-06-18T12:53:38.182641-05:00 8360-Primaire sshd[1234]: Event|5210|LOG_ERR|SSHS|-|User user1 login from 192.168.1.1 for SSH session failed during password based authentication.
2024-06-18T12:55:38.182641-05:00 8360-Primaire sshd[1234]: Event|5212|LOG_WARN|SSHS|-|SSH session from 192.168.1.1 is rejected because maximum number of SSH sessions is reached.
2024-06-18T12:56:38.182641-05:00 8360-Primaire sshd[1234]: Event|5213|LOG_WARN|SSHS|-|SSH session from user user1 closed because maximum number of sessions per user is reached.
2024-06-18T12:57:38.182641-05:00 8360-Primaire sshd[1234]: Event|5214|LOG_WARN|SSHS|-|SSH session from 192.168.1.1 denied due to host key verification failure.
2024-06-18T12:58:38.182641-05:00 8360-Primaire sshd[1234]: Event|5215|LOG_ERR|SSHS|-|SSH session from 192.168.1.1 for user user1 denied. The allowed user management interfaces are: mgmt_intf1
2024-06-18T12:59:38.182641-05:00 8360-Primaire sshd[1234]: Event|5216|LOG_ERR|SSHS|-|SSH session from 192.168.1.1 for user user1 rejected due to failed public key validation
2024-06-18T13:00:38.182641-05:00 8360-Primaire sshd[1234]: Event|5217|LOG_ERR|SSHS|-|SSH server on VRF vrf1 is in an error state.
2024-06-18T13:01:38.182641-05:00 8360-Primaire sshd[1234]: Event|5218|LOG_INFO|SSHS|-|Converting configured SSH server allow-list entry 192.168.1.1 to CIDR format (192.168.1.0/24)
2024-06-18T13:02:38.182641-05:00 8360-Primaire sshd[1234]: Event|5219|LOG_ERR|SSHS|-|Failed to convert configured SSH server allow-list entry 192.168.1.1 to CIDR format, using original address as-is
2024-06-18T13:03:38.182641-05:00 8360-Primaire sshd[1234]: Event|5220|LOG_ERR|SSHS|-|RADIUS authorize-only request failed for SSH session from 192.168.1.1 for user user1.
2024-06-18T13:04:38.182641-05:00 8360-Primaire sshd[1234]: Event|5221|LOG_ERR|SSHS|-|SSH session from 192.168.1.1 denied because username user1 not found in authenticating certificate Common Name or User Principal Name fields.
2024-06-18T13:05:38.182641-05:00 8360-Primaire sshd[1234]: Event|5222|LOG_ERR|SSHS|-|SSH session from 192.168.1.1 for user user1 denied by SSH server allow-list
2024-06-18T13:06:38.182641-05:00 8360-Primaire sshd[1234]: Event|5223|LOG_WARN|SSHS|-|An empty SSH allow-list has been enabled and all new SSH connections will be denied.
2024-06-18T12:45:38.182641-05:00 8360-Primaire sftp-client[1234]: Event|5301|LOG_INFO|SFTPC|-|SFTP file transfer from server1 to server2 completed.
2024-06-18T12:46:38.182641-05:00 8360-Primaire sftp-client[1234]: Event|5302|LOG_ERR|SFTPC|-|SFTP file transfer from server1 to server2 failed - connection_lost.
2024-06-18T12:45:38.182641-05:00 8360-Primaire hpe-copp[1233]: Event|5601|LOG_INFO|HTTPSSERVER|-|User admin has enabled read-only for REST mode
2024-06-18T12:46:38.182641-05:00 8360-Primaire hpe-copp[1233]: Event|5602|LOG_INFO|HTTPSSERVER|-|User admin has enabled HTTPS Server on VRF default
2024-06-18T12:47:38.182641-05:00 8360-Primaire hpe-copp[1233]: Event|5603|LOG_INFO|HTTPSSERVER|-|User admin closed all HTTPS sessions
Expand Down Expand Up @@ -469,6 +491,17 @@
2024-06-12T14:00:38.324517-05:00 8360-Primaire hpe-config[1989034]: Event|6804|LOG_ERR|AMM|-|Error while copying configs. Error: error_message
2024-06-12T14:00:38.324517-05:00 8360-Primaire hpe-config[1989034]: Event|6805|LOG_INFO|AMM|-|Information while copying configs. Info: info_message
2024-06-18T12:45:38.182641-05:00 8360-Primaire hpe-nae[1234]: Event|6901|LOG_INFO|NAEAGENT|-|An action has been triggered by the NAE agent nae_agent_1
2024-06-18T12:45:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7101|LOG_INFO|SNMP|-|Snmp agent is up and running in namespace default
2024-06-18T12:46:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7102|LOG_INFO|SNMP|-|Snmp sub agent is up and running in namespace default
2024-06-18T12:47:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7103|LOG_INFO|SNMP|-|Snmp agent is disabled for namespace default
2024-06-18T12:48:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7104|LOG_INFO|SNMP|-|Snmp sub agent is disabled for namespace default
2024-06-18T12:49:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7105|LOG_ERR|SNMP|-|Failed to poll snmp
2024-06-18T12:50:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7106|LOG_ERR|SNMP|-|Snmp and credential manager integration failed
2024-06-18T12:51:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7107|LOG_INFO|SNMP|-|Snmp system now configured
2024-06-18T12:52:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7108|LOG_INFO|SNMP|-|Snmp and database Integration has been initialized
2024-06-18T12:53:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7109|LOG_INFO|SNMP|-|Successfully initialized all SNMP plugins
2024-06-18T12:54:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7110|LOG_INFO|SNMP|-|Destroyed all SNMP plugins
2024-06-18T12:54:38.182641-05:00 8360-Primaire snmpd[1234]: Event|7111|LOG_INFO|SNMP|-|SNMP cache sync on-demand is set to: truth_value_mock
2024-06-18T12:45:38.182641-05:00 8360-Primaire hpe-faultmon[1234]: Event|7200|LOG_ERR|INSYSTEM|-|Internal fatal error at main.c:42
2024-06-18T12:46:38.182641-05:00 8360-Primaire hpe-faultmon[1234]: Event|7210|LOG_ERR|INSYSTEM|-|Non-failsafe update needed for device123. Please run the allow-unsafe-updates command
2024-06-18T12:47:38.182641-05:00 8360-Primaire hpe-faultmon[1234]: Event|7211|LOG_ERR|INSYSTEM|-|Do not interrupt non-failsafe update for device123
Expand Down Expand Up @@ -640,6 +673,9 @@
2024-06-18T12:45:38.182641-05:00 8360-Primaire hpe-copp[1233]: Event|8810|LOG_INFO|AMM|-|Unicast Remote MAC 00:1A:2B:3C:4D:5E learnt on VNI 100 is added to the switch
2024-06-18T12:45:38.182641-05:00 8360-Primaire hpe-copp[1233]: Event|8811|LOG_INFO|AMM|-|Unicast Remote MAC 00:1A:2B:3C:4D:5E learnt on VNI 100 is removed from the switch
2024-06-18T12:45:38.182641-05:00 8360-Primaire hpe-copp[1233]: Event|8812|LOG_INFO|AMM|-|Tunnel 192.168.1.1 is removed from Hardware VTEP DB
2024-06-18T12:45:38.182641-05:00 8360-Primaire sshd[1234]: Event|9001|LOG_INFO|SSHC|-|Connection to SSH server 192.168.1.100 on VRF default is established for user admin over port 22
2024-06-18T12:46:38.182641-05:00 8360-Primaire sshd[1234]: Event|9002|LOG_ERR|SSHC|-|Connection to SSH server 192.168.1.100 on VRF default over port 22 is denied
2024-06-18T12:47:38.182641-05:00 8360-Primaire sshd[1234]: Event|9003|LOG_INFO|SSHC|-|Connection to SSH server 192.168.1.100 on VRF default is successfully closed for user admin over port 22
2024-06-18T12:45:38.182641-05:00 8360-Primaire hpe-storage[1234]: Event|9101|LOG_ERR|AMM|-|Failed to report storage Storage1 details for module 5. Error: Disk failure
2024-06-18T12:46:38.182641-05:00 8360-Primaire hpe-storage[1234]: Event|9102|LOG_INFO|AMM|-|Storage Storage1 health alert. Endurance utilization at 85% in module 5
2024-06-18T12:47:38.182641-05:00 8360-Primaire hpe-storage[1234]: Event|9103|LOG_INFO|AMM|-|Storage Storage1 endurance utilization at 85% in module 5
Expand Down Expand Up @@ -735,6 +771,9 @@
2024-06-18T12:47:38.182641-05:00 8360-Primaire hpe-macsec[1234]: Event|11202|LOG_INFO|MACsec|-|MKA session secured for Connectivity Association 1234 on interface eth0.
2024-06-18T12:48:38.182641-05:00 8360-Primaire hpe-macsec[1234]: Event|11203|LOG_INFO|MACsec|-|Secure Association key updated for Connectivity Association 1234 on interface eth0 - Latest AN/KN 1/2, Old AN/KN 3/4.
2024-06-18T12:49:38.182641-05:00 8360-Primaire hpe-macsec[1234]: Event|11204|LOG_INFO|MACsec|-|Possible replay attempt detected on the Secure Channel 00:11:22:33:44:55.
2024-06-18T12:45:38.182641-05:00 8360-Primaire hpe-smartlink[1234]: Event|11301|LOG_INFO|Smartlink|-|Flush message received on eth0 with control VLAN 100
2024-06-18T12:46:38.182641-05:00 8360-Primaire hpe-smartlink[1234]: Event|11302|LOG_INFO|Smartlink|-|Active link of the smartlink group 1 changed to eth1
2024-06-18T12:47:38.182641-05:00 8360-Primaire hpe-smartlink[1234]: Event|11303|LOG_INFO|Smartlink|-|Backup link of the smartlink group 1 changed to eth2
2024-06-20T13:54:38.182641-05:00 8360-Primaire hpe-cfmd[1204]: Event|11601|LOG_ERR|CFM|-|Connection lost for Maintenance Endpoint myEndpointId on eth0.
2024-06-20T13:55:38.182641-05:00 8360-Primaire hpe-cfmd[1204]: Event|11602|LOG_INFO|CFM|-|Connection restored for Maintenance Endpoint myEndpointId on eth0.
2024-06-21T13:56:38.182641-05:00 8360-Primaire hpe-container[1255]: Event|11801|LOG_INFO|CONTAINER|-|Container myContainerName is created
Expand Down
Loading