HomeGuidesAPI Reference
GuidesAPI ReferenceGitHubAirheads Developer CommunityLog In
Guides

Audit Streaming Event

Audit streaming event is generated to notify the following events:

  • Device connectivity
  • The device is onboarded
  • Group move is done for a device
  • The configuration is pushed by HPE Aruba Networking Central
  • The firmware is updated for a particular device
  • Firmware status

Audit Streaming Topic Protocol Buffer File

message mac_address
{
    optional bytes addr = 1;
} 

message ip_address 
{
    enum addr_family
    { 
      ADDR_FAMILY_UNSPEC =0;
      ADDR_FAMILY_INET = 1;
     ADDR_FAMILY_INET6 = 2;
    } 
   optional addr_family af =1;
   optional bytes addr = 2;
} 

enum classification 
{
   CONFIGURATION = 0;
   FIRMWARE = 1;
   DEVICE_MGMT = 2;
} 

message config 
{
   required string data = 1;
   optional string detailed_data = 2;
} 

message firmware
{
   required string data = 1;
   optional string detailed_data = 2;
} 

message device_management 
{
   required string data = 1;
   optional string detailed_data = 2;
} 

message audit_message 
{
   required string customer_id = 1;
   required uint32 timestamp = 2;
   required classification service = 3;
   required string group_name = 4;
   required string target = 5;
   required ip_address client_ip = 6; 
   required string username = 7;
   // Service data
   optional config config_info = 8;
   optional firmware firmware_info = 9;
   optional device_management dm_info = 16;
}

Parameters Descriptions

The following table lists the field, type, rule, and descriptions of the above mentioned protobuf sample

Field

Type

Rule

Description

Client IP

ip_address

Required

Indicates the IP address of the client. It contains the following:

  • af— Indicates the address family and contain the following:

-ADDR_FAMILY_UNSPEC— Indicates the unspecified version 6
-ADDR_FAMILY_INET— Indicates the unspecified version 4
-ADDR_FAMILY_INET6— Indicates the IP version 6

  • addr— Indicates the address.

Service

classification

Optional

Indicates the service which generated the event. Contains one of the following:

  • Configuration—Used for configuration status related events.
  • Firmware— Used for firmware status related events.
  • Device_ MGMT— Used for device connectivity related events.
datastringRequiredIndicates a short description of event - Example: Upgrading the device
from version1 to version2.
detailed_datastringOptionalIndicates the details, if available for the event.
Customer IDstringRequiredIndicates the customer ID.
timestampuint32RequiredIndicates the time of occurrence of the event.
group_namestringRequiredName of the group where the device is.
targetstringRequiredIndicates the swarm_ID or device_ID.
client_ipip_addressRequiredIndicates the client IP that determines the IP information of the user who has triggered the event.
usernamestringRequiredIndicates the username, which is the information of the user who has triggered the event.
config_infoconfigOptionalIndicates and provides information when service is CONFIGURATION.
firmware_infofirmware.OptionalIndicates and provides information when service is FIRMWARE.
dm_infodevice_managementOptionalIndicates and provides information when service is DEVICE MANAGEMENT.

Sample Messages for Audit Topic

The .proto file shown above consists of many messages. But, the message "audit_message" contains all other messages nested in it. Therefore, the message audit_message should be used to deserialize the Audit events.

Following are the sample events received for Audit Streaming Topic:

  • Configuration event—This structure is used to describe events related to change in the configuration of a device.
customer_id: "dbf464a40e0c4a26ba90005e59168068"
timestamp: 1604248256
service: CONFIGURATION
group_name: "templ_group"
target: "CT0840410"
client_ip {
af: ADDR_FAMILY_INET
addr: "0.0.0.0"
}
username: "System"
config_info {
data: "Template/Variable Configuration Error"
detailed_data: "{\"body\": [\"No matching template found for device\"], \"header\": \"Details\"}"
}
  • Firmware event—This structure is used to describe events related to the firmware update of a device.
customer_id: "dbf464a40e0c4a26ba90005e59168068"
timestamp: 1604247832
service: FIRMWARE
group_name: "templ_group"
target: "CT0840410"
client_ip {
af: ADDR_FAMILY_INET
addr: "10.240.130.251"
}
username: "[email protected]"
firmware_info {
data: "Upgrading the device from 6.4.4.8-4.2.4.10_62611 to 8.6.0.4_74969"
}
  • Device management event—This structure is used to describe events related to device connectivity.
customer_id: "dbf464a40e0c4a26ba90005e59168068"
timestamp: 1604248256
service: DEVICE_MGMT
group_name: "audit_streaming_test"
target: "CT0840410"
client_ip {
af: ADDR_FAMILY_INET
addr: "0.0.0.0"
}
username: "System"
dm_info {
data: "Swarm creation successful and moved to group audit_streaming_test"
}