Open for Voting

VMWare Velocloud SYSLOG connector

Case # - 00868985 Velocloud New Connector Request

Velocloud SDWAN edge devices will log to SEM but show up under Unmatched Foundry Data or BrocadeIronSeries - MOST of it is under "unmatched" which is undesirable.

attached is the syslog.1633720596.tar.gz export from the SEM and the is a raw log to alievault server that has additional examples of NOTICE, WARNING etc. type messages in addition to firewall.  The only real difference is it uses the host name of the device instead of the IP at the start of an entry.

    Oct 14 16:20:13 Main velocloud.sdwan: velocloud.sdwan: ACTION=VCF Close TgHl8ux5Snm5QtdhF1rQOw SID=0002244007 SEGMENT=0 IN=VLAN-1032 PROTO=TCP SRC= DST= SPT=55155 DPT=443 APPLICATION=Google APIs DURATION_SECS=251 BYTES_SENT=11535 BYTES_RECEIVED=56209 REASON=FIN-Received DEST_NAME=NVS-via-vcg71-sea2 FW_POLICY_NAME=Allow DMZ Internet SEGMENT_NAME=Global Segment
    Oct 14 16:22:14 Main velocloud.sdwan: velocloud.sdwan: ACTION=VCF Close 1RCk9oQvR4WNLf4RMBELXg SID=0002250363 SEGMENT=0 IN=VLAN-318 PROTO=TCP SRC= DST= SPT=5815 DPT=443 APPLICATION=gstatic DURATION_SECS=240 BYTES_SENT=2067 BYTES_RECEIVED=2071 REASON=FIN-Received DEST_NAME=NVS-via-vcg71-sea2 FW_POLICY_NAME=LOG Permit Jumpboxes out LMI SEGMENT_NAME=Global Segment

  • Additional, theres a new field as of the 4.3 firmware for the firewall rule name.  Field added is FW_POLICY_NAME=