Audit Streaming Event

Audit streaming event is generated to notify the following events:

  • Device connectivity
  • The device is onboarded
  • Group move is done for a device
  • The configuration is pushed by Aruba Central
  • The firmware is updated for a particular device
  • Firmware status

Audit Streaming Topic Protocol Buffer File

message mac_address
{
    optional bytes addr = 1;
} 

message ip_address 
{
    enum addr_family
    { 
      ADDR_FAMILY_UNSPEC =0;
      ADDR_FAMILY_INET = 1;
     ADDR_FAMILY_INET6 = 2;
    } 
   optional addr_family af =1;
   optional bytes addr = 2;
} 

enum classification 
{
   CONFIGURATION = 0;
   FIRMWARE = 1;
   DEVICE_MGMT = 2;
} 

message config 
{
   required string data = 1;
   optional string detailed_data = 2;
} 

message firmware
{
   required string data = 1;
   optional string detailed_data = 2;
} 

message device_management 
{
   required string data = 1;
   optional string detailed_data = 2;
} 

message audit_message 
{
   required string customer_id = 1;
   required uint32 timestamp = 2;
   required classification service = 3;
   required string group_name = 4;
   required string target = 5;
   required ip_address client_ip = 6; 
   required string username = 7;
   // Service data
   optional config config_info = 8;
   optional firmware firmware_info = 9;
   optional device_management dm_info = 16;
}

Parameters Descriptions

The following table lists the field, type, rule, and descriptions of the above mentioned protobuf sample

Field

Type

Rule

Description

Client IP

ip_address

Required

Indicates the IP address of the client. It contains the following:

  • af— Indicates the address family and contain the following:

-ADDR_FAMILY_UNSPEC— Indicates the unspecified version 6
-ADDR_FAMILY_INET— Indicates the unspecified version 4
-ADDR_FAMILY_INET6— Indicates the IP version 6

  • addr— Indicates the address.

Service

classification

Optional

Indicates the service which generated the event. Contains one of the following:

  • Configuration—Used for configuration status related events.
  • Firmware— Used for firmware status related events.
  • Device_ MGMT— Used for device connectivity related events.

data

string

Required

Indicates a short description of event - Example: Upgrading the device
from version1 to version2.

detailed_data

string

Optional

Indicates the details, if available for the event.

Customer ID

string

Required

Indicates the customer ID.

timestamp

uint32

Required

Indicates the time of occurrence of the event.

group_name

string

Required

Name of the group where the device is.

target

string

Required

Indicates the swarm_ID or device_ID.

client_ip

ip_address

Required

Indicates the client IP that determines the IP information of the user who has triggered the event.

username

string

Required

Indicates the username, which is the information of the user who has triggered the event.

config_info

config

Optional

Indicates and provides information when service is CONFIGURATION.

firmware_info

firmware

.Optional

Indicates and provides information when service is FIRMWARE.

dm_info

device_management

Optional

Indicates and provides information when service is DEVICE MANAGEMENT.

Sample Messages for Audit Topic

The .proto file shown above consists of many messages. But, the message "audit_message" contains all other messages nested in it. Therefore, the message audit_message should be used to deserialize the Audit events.

Following are the sample events received for Audit Streaming Topic:

  • Configuration event—This structure is used to describe events related to change in the configuration of a device.
customer_id: "dbf464a40e0c4a26ba90005e59168068"
timestamp: 1604248256
service: CONFIGURATION
group_name: "templ_group"
target: "CT0840410"
client_ip {
af: ADDR_FAMILY_INET
addr: "0.0.0.0"
}
username: "System"
config_info {
data: "Template/Variable Configuration Error"
detailed_data: "{\"body\": [\"No matching template found for device\"], \"header\": \"Details\"}"
}
  • Firmware event—This structure is used to describe events related to the firmware update of a device.
customer_id: "dbf464a40e0c4a26ba90005e59168068"
timestamp: 1604247832
service: FIRMWARE
group_name: "templ_group"
target: "CT0840410"
client_ip {
af: ADDR_FAMILY_INET
addr: "10.240.130.251"
}
username: "[email protected]"
firmware_info {
data: "Upgrading the device from 6.4.4.8-4.2.4.10_62611 to 8.6.0.4_74969"
}
  • Device management event—This structure is used to describe events related to device connectivity.
customer_id: "dbf464a40e0c4a26ba90005e59168068"
timestamp: 1604248256
service: DEVICE_MGMT
group_name: "audit_streaming_test"
target: "CT0840410"
client_ip {
af: ADDR_FAMILY_INET
addr: "0.0.0.0"
}
username: "System"
dm_info {
data: "Swarm creation successful and moved to group audit_streaming_test"
}

Did this page help you?