Audit Streaming Event
Audit streaming event is generated to notify the following events:
- Device connectivity
- The device is onboarded
- Group move is done for a device
- The configuration is pushed by HPE Aruba Networking Central
- The firmware is updated for a particular device
- Firmware status
Audit Streaming Topic Protocol Buffer File
message mac_address
{
optional bytes addr = 1;
}
message ip_address
{
enum addr_family
{
ADDR_FAMILY_UNSPEC =0;
ADDR_FAMILY_INET = 1;
ADDR_FAMILY_INET6 = 2;
}
optional addr_family af =1;
optional bytes addr = 2;
}
enum classification
{
CONFIGURATION = 0;
FIRMWARE = 1;
DEVICE_MGMT = 2;
}
message config
{
required string data = 1;
optional string detailed_data = 2;
}
message firmware
{
required string data = 1;
optional string detailed_data = 2;
}
message device_management
{
required string data = 1;
optional string detailed_data = 2;
}
message audit_message
{
required string customer_id = 1;
required uint32 timestamp = 2;
required classification service = 3;
required string group_name = 4;
required string target = 5;
required ip_address client_ip = 6;
required string username = 7;
// Service data
optional config config_info = 8;
optional firmware firmware_info = 9;
optional device_management dm_info = 16;
}
Parameters Descriptions
The following table lists the field, type, rule, and descriptions of the above mentioned protobuf sample
Field | Type | Rule | Description |
---|---|---|---|
Client IP | ip_address | Required | Indicates the IP address of the client. It contains the following:
-ADDR_FAMILY_UNSPEC— Indicates the unspecified version 6
|
Service | classification | Optional | Indicates the service which generated the event. Contains one of the following:
|
data | string | Required | Indicates a short description of event - Example: Upgrading the device from version1 to version2. |
detailed_data | string | Optional | Indicates the details, if available for the event. |
Customer ID | string | Required | Indicates the customer ID. |
timestamp | uint32 | Required | Indicates the time of occurrence of the event. |
group_name | string | Required | Name of the group where the device is. |
target | string | Required | Indicates the swarm_ID or device_ID. |
client_ip | ip_address | Required | Indicates the client IP that determines the IP information of the user who has triggered the event. |
username | string | Required | Indicates the username, which is the information of the user who has triggered the event. |
config_info | config | Optional | Indicates and provides information when service is CONFIGURATION. |
firmware_info | firmware | .Optional | Indicates and provides information when service is FIRMWARE. |
dm_info | device_management | Optional | Indicates and provides information when service is DEVICE MANAGEMENT. |
Sample Messages for Audit Topic
The .proto
file shown above consists of many messages. But, the message "audit_message" contains all other messages nested in it. Therefore, the message audit_message should be used to deserialize the Audit events.
Following are the sample events received for Audit Streaming Topic:
- Configuration event—This structure is used to describe events related to change in the configuration of a device.
customer_id: "dbf464a40e0c4a26ba90005e59168068"
timestamp: 1604248256
service: CONFIGURATION
group_name: "templ_group"
target: "CT0840410"
client_ip {
af: ADDR_FAMILY_INET
addr: "0.0.0.0"
}
username: "System"
config_info {
data: "Template/Variable Configuration Error"
detailed_data: "{\"body\": [\"No matching template found for device\"], \"header\": \"Details\"}"
}
- Firmware event—This structure is used to describe events related to the firmware update of a device.
customer_id: "dbf464a40e0c4a26ba90005e59168068"
timestamp: 1604247832
service: FIRMWARE
group_name: "templ_group"
target: "CT0840410"
client_ip {
af: ADDR_FAMILY_INET
addr: "10.240.130.251"
}
username: "[email protected]"
firmware_info {
data: "Upgrading the device from 6.4.4.8-4.2.4.10_62611 to 8.6.0.4_74969"
}
- Device management event—This structure is used to describe events related to device connectivity.
customer_id: "dbf464a40e0c4a26ba90005e59168068"
timestamp: 1604248256
service: DEVICE_MGMT
group_name: "audit_streaming_test"
target: "CT0840410"
client_ip {
af: ADDR_FAMILY_INET
addr: "0.0.0.0"
}
username: "System"
dm_info {
data: "Swarm creation successful and moved to group audit_streaming_test"
}
Updated 3 months ago