Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

IBM SAN Volume Controller

The JSA DSM for IBM SAN Volume Controller collects events from IBM SAN Volume Controller.

Note:

This DSM supports only the Cloud Auditing Data Federation (CADF) event format that includes monitoring and protection related to cloud account's create, update, removal and cloud backup activity events from IBM SAN Volume Controller.

The following table describes the specifications for the IBM SAN Volume Controller DSM:

Table 1: IBM SAN Volume Controller DSM Specifications

Specification

Value

Manufacturer

IBM

DSM name

IBM SAN Volume Controller

RPM file name

DSM-IBMSANVolumeController-JSA_version-build_number .noarch.rpm

Supported versions

N/A

Protocol

Syslog

Event format

CADF

Recorded event types

activity, control, and monitor audit events

Automatically discovered?

Yes

Includes identity?

No

Includes custom properties?

No

More information

IBM SAN Volume Controller website (http://www-03.ibm.com/systems/storage/software/virtualization/svc/)

To integrate IBM SAN Volume Controller with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the Juniper Downloads, in the order that they are listed, on your JSA console:

    • DSMCommon RPM

    • IBM SAN Volume Controller DSM RPM

  2. Configure your IBM SAN Volume Controller server to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add an IBM SAN Volume Controller log source on the JSA console. The following table describes the parameters that require specific values for IBM SAN Volume Controller event collection:

    Table 2: IBM SAN Volume Controller Log Source Parameters

    Parameter

    Value

    Log Source type

    IBM SAN Volume Controller

    Protocol Configuration

    Syslog

    Log Source Identifier

    The IP address or host name of the IBM SAN Volume Controller server.

  4. To verify that JSA is configured correctly, review the following table to see an example of a parsed event message.

    Note:

    Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

    The following table shows a sample event message for IBM SAN Volume Controller:

    Table 3: IBM SAN Volume Controller Sample Message

    Event name

    Low level category

    Sample log message

    Backup Successful

    Backup Activity Succeeded

    Oct 12 20:02:33 Cluster_<IP_address>
    IBM2145: {"typeURI": "http://
    example.com/cloud/audit/1.0/
    event","eventTime":
    "2016-10-12T20:02:30.000000+0000","tar
    get": {"typeURI": "service/storage/
    object","id": "0","name":
    "username"},"observer": {"typeURI":
    "service/network/cluster/
    logger","id": "10032004394","name":
    "username"},"tags":
    ["Backup"],"eventType":
    "activity","measurements":
    [{"metric": {"metricId":
    "www.example.com/svc/Cloud/
    Backup_Time/0000000000/000/0","name":
    "Time of backup being copied or
    restored","unit":
    "YYMMDDHHMMSS"},"result":
    "2016/10/12/20/02/30"},{"metric":
    {"metricId": "www.example.com/svc/
    Cloud/Backup_Generation_Number/
    0000000000/000/0","name": "Volume
    backup generation number","unit":
    "Natural Number"},"result":
    "1"}],"initiator": {"typeURI":
    "service/network/node","host":
    {"address":
    "<IP_address>"},"attachments":
    [{"content":"6005076400C8010E500000000
    0000000","typeURI": "text/
    plain","name":
    "volume_uuid"}],"name":
    "username","id": "1"},"reason":
    {"reasonCode": "200","reasonType":
    "http://www.example.com/assignments/
    http-status-codes/http-statuscodes.
    xml"},"action":
    "backup","outcome": "success","id":
    "xxxxxxxxxxx-xxxxxxxxxx-xxx"}

Configuring IBM SAN Volume Controller to Communicate with JSA

To collect events from IBM SAN Volume Controller, you must configure IBM SAN Volume Controller (SVC) cluster to send events to JSA from a syslog server.

SVC cluster uses rsyslogd 5.8.10 on a Linux 6.4 based host.

  1. Use SSH to log in to the SVC cluster command-line interface (CLI).

  2. Type the following command to configure a remote syslog server to send CADF events to JSA:

    svctask mksyslogserver -ip <JSA_Event_Collector_IP_Address> error <on_or_off> -warning <on_or_off> -info <on_or_off> -cadf on

    The following example shows a command that is used to configure a remote syslog server to send CADF events:

    svctask mksyslogserver -ip 172.0.0.1 -error on -warning on -info on -cadf o

    Note:

    The error and warning flags are CADF event types that SVC sends to syslog servers.