IBM SAN Volume Controller
The JSA DSM for IBM SAN Volume Controller collects events from IBM SAN Volume Controller.
This DSM supports only the Cloud Auditing Data Federation (CADF) event format, which covers monitoring and protection events for cloud account creation, update, and removal, and cloud backup activity events from IBM SAN Volume Controller.
The following table describes the specifications for the IBM SAN Volume Controller DSM:
Specification | Value |
---|---|
Manufacturer | IBM |
DSM name | IBM SAN Volume Controller |
RPM file name | DSM-IBMSANVolumeController-JSA_version-build_number.noarch.rpm |
Supported versions | N/A |
Protocol | Syslog |
Event format | CADF |
Recorded event types | activity, control, and monitor audit events |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | IBM SAN Volume Controller website (http://www-03.ibm.com/systems/storage/software/virtualization/svc/) |
To integrate IBM SAN Volume Controller with JSA, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from Juniper Downloads, in the order that they are listed, on your JSA console:
  - DSMCommon RPM
  - IBM SAN Volume Controller DSM RPM
- Configure your IBM SAN Volume Controller server to send syslog events to JSA.
- If JSA does not automatically detect the log source, add an IBM SAN Volume Controller log source on the JSA console. The following table describes the parameters that require specific values for IBM SAN Volume Controller event collection:

  Table 2: IBM SAN Volume Controller Log Source Parameters

  Parameter | Value |
  ---|---|
  Log Source type | IBM SAN Volume Controller |
  Protocol Configuration | Syslog |
  Log Source Identifier | The IP address or host name of the IBM SAN Volume Controller server. |
- To verify that JSA is configured correctly, review the following table to see an example of a parsed event message.

  Note: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

  The following table shows a sample event message for IBM SAN Volume Controller:

  Table 3: IBM SAN Volume Controller Sample Message

  Event name | Low level category | Sample log message |
  ---|---|---|
  Backup Successful | Backup Activity Succeeded | Oct 12 20:02:33 Cluster_<IP_address> IBM2145: {"typeURI": "http://example.com/cloud/audit/1.0/event","eventTime": "2016-10-12T20:02:30.000000+0000","target": {"typeURI": "service/storage/object","id": "0","name": "username"},"observer": {"typeURI": "service/network/cluster/logger","id": "10032004394","name": "username"},"tags": ["Backup"],"eventType": "activity","measurements": [{"metric": {"metricId": "www.example.com/svc/Cloud/Backup_Time/0000000000/000/0","name": "Time of backup being copied or restored","unit": "YYMMDDHHMMSS"},"result": "2016/10/12/20/02/30"},{"metric": {"metricId": "www.example.com/svc/Cloud/Backup_Generation_Number/0000000000/000/0","name": "Volume backup generation number","unit": "Natural Number"},"result": "1"}],"initiator": {"typeURI": "service/network/node","host": {"address": "<IP_address>"},"attachments": [{"content":"6005076400C8010E5000000000000000","typeURI": "text/plain","name": "volume_uuid"}],"name": "username","id": "1"},"reason": {"reasonCode": "200","reasonType": "http://www.example.com/assignments/http-status-codes/http-statuscodes.xml"},"action": "backup","outcome": "success","id": "xxxxxxxxxxx-xxxxxxxxxx-xxx"} |
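To check a captured line outside JSA, the following added example (not part of the original page and not JSA's own parser) strips the line breaks the note mentions, splits the syslog header from the CADF JSON, and pulls out the fields used for triage. The function name `parse_svc_cadf`, the shortened sample, and the address 192.0.2.10 are assumptions made for illustration.

```python
import json
import re

# Constructed sample modelled on the page's message. 192.0.2.10 is a placeholder
# address, and the CR/LF breaks imitate a message copied out of a wrapped table.
SAMPLE = (
    'Oct 12 20:02:33 Cluster_192.0.2.10 IBM2145: {"typeURI": "http://example.com/'
    'cloud/audit/1.0/\r\nevent","eventTime": "2016-10-12T20:02:30.000000+0000",'
    '"tags": ["Backup"],"eventType": "activity","initiator": {"typeURI": '
    '"service/network/node","attachments": [{"content": "6005076400C8010E500000000'
    '\n0000000","typeURI": "text/plain","name": "volume_uuid"}],"name": "username",'
    '"id": "1"},"reason": {"reasonCode": "200"},"action": "backup",'
    '"outcome": "success"}'
)

# Syslog header as shown on the page: timestamp, host, the IBM2145 tag, then JSON.
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) IBM2145: (?P<cadf>\{.*\})$"
)


def parse_svc_cadf(raw):
    """Return the triage-relevant fields of one SVC CADF syslog line."""
    # Remove carriage returns and line feeds first, as the page's note advises.
    line = raw.replace("\r", "").replace("\n", "").strip()
    match = HEADER.match(line)
    if match is None:
        raise ValueError("not an IBM2145 CADF syslog line")
    event = json.loads(match.group("cadf"))  # raises ValueError on broken JSON
    attachments = event.get("initiator", {}).get("attachments", [])
    uuids = [a.get("content") for a in attachments if a.get("name") == "volume_uuid"]
    return {
        "syslog_time": match.group("ts"),
        "host": match.group("host"),
        "event_type": event.get("eventType"),
        "action": event.get("action"),
        "outcome": event.get("outcome"),
        "reason_code": event.get("reason", {}).get("reasonCode"),
        "tags": event.get("tags", []),
        "volume_uuid": uuids[0] if uuids else None,
    }


if __name__ == "__main__":
    print(json.dumps(parse_svc_cadf(SAMPLE), indent=2))
```
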
Configuring IBM SAN Volume Controller to Communicate with JSA
To collect events from IBM SAN Volume Controller, you must configure the IBM SAN Volume Controller (SVC) cluster to send events to JSA from a syslog server.
The SVC cluster uses rsyslogd 5.8.10 on a Linux 6.4 based host.
- Use SSH to log in to the SVC cluster command-line interface (CLI).
- Type the following command to configure a remote syslog server to send CADF events to JSA:

      svctask mksyslogserver -ip <JSA_Event_Collector_IP_Address> -error <on_or_off> -warning <on_or_off> -info <on_or_off> -cadf on

  The following example shows a command that is used to configure a remote syslog server to send CADF events:

      svctask mksyslogserver -ip 172.0.0.1 -error on -warning on -info on -cadf on

  Note: The error and warning flags are CADF event types that SVC sends to syslog servers.