Hp
LogZilla App Store application: Hp
Overview
Aruba Networks is a subsidiary of Hewlett Packard Enterprise (HPE). HPE Aruba provides enterprise network access and switching hardware for wireless and wired network infrastructure. This app processes log messages from Aruba network devices to extract event information and create user tags for analysis.
App Function
The HP Aruba app performs the following functions:
- Device Recognition: Identifies log messages from HP Aruba devices using two methods:
  - Numeric "program" field (Aruba Message ID)
  - Message text matching Aruba message templates
- Message Processing: For recognized Aruba messages:
  - Changes "program" field to `HP_Switch`
  - Prepends Aruba event ID to log message text
  - Creates user tags based on event information
- SSH Connection Tracking: For SSH/Telnet events, extracts source IP addresses and sets the `SrcIP` user tag
Vendor Documentation
- Aruba Support
- HPE Aruba Networking Support Services
- HP Aruba Troubleshooting
- Logmanager Documentation
- Aruba Central - How to Configure Logs and TFTP Dump Servers
Incoming Log Format
Aruba devices send log messages in standard syslog format. The message structure typically follows this pattern:
- Primary timestamp and IP - Initial date-timestamp and IP address
- Secondary timestamp and IP - Optional second pair (usually within seconds of primary)
- Event ID - Aruba-specific numeric event identifier
- Type code - Category identifier followed by colon
- Event details - Descriptive text with event-specific information
Event details may contain IP addresses or port numbers, but data elements are not consistently delimited or positioned, making parsing challenging for unrecognized message types.
Parsed Metadata Fields
The HP Aruba app extracts the following information from log messages:
Standard Events:
- Aruba event ID (numeric identifier)
- Event category name (derived from event ID lookup)
SSH/Telnet Events:
- Source IP address of incoming connections
| Tagged | Tag Name | Example | Description |
|---|---|---|---|
| ☑ | HP Event ID | 00419 | the Aruba event id of the log message |
| ☑ | HP Category | Authentication | the category of this event |
| ☑ | SrcIP | 192.168.0.1 | source IPv4 address of the SSH connection |
Log Examples
Incoming Telnet Connection
```text
Jul 2 04:32:53 192.168.1.59 Jul 2 03:32:54 192.168.1.59 00179 mgr: SME TELNET from 192.168.0.100 - MANAGER Mode
```
Port Going Off-Line
```text
Jul 2 04:08:40 192.168.1.132 Jul 2 04:08:40 192.168.1.132 00077 ports: port 4 is now off-line
```
Packet Errors
```text
Jul 2 04:09:07 192.168.1.123 00327 FFI: port 13-Excessive undersized/giant packets. See help.
```
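The following is an added example, not the LogZilla app's own code: a Python sketch of the parsing described above, handling the optional second timestamp/IP pair and tagging `SrcIP` only when the extracted value is a valid IPv4 address. The regular expressions, the `parse_aruba` function name and the returned dictionary layout are assumptions inferred from the sample lines on this page.

```python
import ipaddress
import re

# Assumed layout, inferred from the sample lines on this page: one or two
# "<Mon D HH:MM:SS> <IPv4>" pairs, then "<event ID> <type>: <details>".
STAMP = r"[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+(?:\d{1,3}\.){3}\d{1,3}"
LINE_RE = re.compile(
    rf"^(?P<primary>{STAMP})\s+(?:(?P<secondary>{STAMP})\s+)?"
    r"(?P<event_id>\d+)\s+(?P<type>[^:\s]+):\s*(?P<details>.*)$"
)
# Assumed wording of SSH/Telnet connection events ("... TELNET from <IPv4> ...").
CONN_RE = re.compile(r"\b(?:SSH|TELNET)\b.*?\bfrom\s+((?:\d{1,3}\.){3}\d{1,3})\b", re.I)

# The first three lines are the log examples from this page; the last two are constructed.
SAMPLES = [
    "Jul 2 04:32:53 192.168.1.59 Jul 2 03:32:54 192.168.1.59 00179 mgr: SME TELNET from 192.168.0.100 - MANAGER Mode",
    "Jul 2 04:08:40 192.168.1.132 Jul 2 04:08:40 192.168.1.132 00077 ports: port 4 is now off-line",
    "Jul 2 04:09:07 192.168.1.123 00327 FFI: port 13-Excessive undersized/giant packets. See help.",
    "Jul 2 04:09:07 192.168.1.123 kernel: link up",  # constructed: no numeric event ID
    "Jul 2 04:32:53 192.168.1.59 00179 mgr: SME TELNET from 999.168.0.100 - MANAGER Mode",  # constructed: bad IP
]

def parse_aruba(line):
    """Return rewritten fields and user tags, or None if the line is not recognized."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unrecognized layout: leave the event untouched
    out = {
        "host": m["primary"].split()[-1],
        "has_secondary": m["secondary"] is not None,
        "program": "HP_Switch",
        # Event ID is prepended to the message text, as the page describes.
        "message": f"{m['event_id']} {m['type']}: {m['details']}",
        # "HP Category" needs the app's event ID lookup table, which is not on this page.
        "tags": {"HP Event ID": m["event_id"]},
    }
    conn = CONN_RE.search(m["details"])
    if conn:
        try:
            out["tags"]["SrcIP"] = str(ipaddress.IPv4Address(conn.group(1)))
        except ipaddress.AddressValueError:
            pass  # dotted digits that are not a valid IPv4 address are not tagged
    return out

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_aruba(sample))
```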
Aruba Categories
| Category | Category | Category |
|---|---|---|
| 802.1x | Accounting | ACL |
| Activate | Address Manager | AMP Server |
| ARP Protect | ARP Throttle | Authentication |
| Autorun | BFD | BGP |
| BPDU | Bridge | BYOD Redirect |
| Captive Portal | CDP | Central |
| Chassis | connfilt | Console |
| COS | Crypto | DCA |
| DHCP | DHCP Server | DHCP Snoop |
| DHCPv6 Snoop | DHCPv6c | DHCPv6r |
| DIPLDv6 | DLDP | DMA |
| Download | DT | Dynamic IP |
| Fault | GARP | GVRP |
| HPESP | HPESP Cert Mgr | HTTP |
| IDM | IGMP | Instrumentation Monitor |
| InSysProg | IP | IP Address Manager |
| IP SLA | IPSec | Job Scheduler |
| KMS | LACP | Licensing |
| LLDP | LLDP MAD | Load Balancer |
| Loop Protect | MAC Lock | MACsec |
| Manager | mDNS | MLD |
| MTM | MVRP | ND Snoop |
| NETINET | NTP | OOBM |
| OpenFlow | OSPF | OSPF3 |
| PIM | Policy | Ports |
| Profile Manager | psDetect | QinQ |
| RA Guard | RADIUS | Rate Limiting |
| RIP | RIPng | Secure Mode |
| Service Tunnel | sFlow | SFTP |
| Smart Link | SNMP | SNTP |
| Source IP | Spanning Tree | SSH |
| SSL | Stacking | System |
| TACACS | Telnet | TFTP |
| TimeP | TLS | TR-069 |
| Transparent Mode | Tunneled Node | UDLD |
| UDP Forwarder | UFD | Update |
| USB | VLAN | VRRP |
| VSF | VxLAN Tunnel | Xmodem |