Add Aviatrix as a known vendor #2357
Comments
hi @wozzies please send sample events through Splunk support or to mstopa@splunk.com . Events can be anonymised |
Hi,
Since we can't get logs into our sc4s server, we haven't been able to get a
viable pcap from Aviatrix. I have included a file containing sample events
provided by Aviatrix.
|
Attachment included on this email
Aug 17 22:07:39 ip-172-31-46-24 cloudx_cli: AviatrixVPNSession:
User=demo, Status=active, Gateway=demo, GatewayIP=52.52.76.149,
VPNVirtualIP=192.168.0.6, PublicIP=N/A, Login=2016-08-17 22:07:38, Logout=N/A,
Duration=N/A, RXbytes=N/A, TXbytes=N/A
Aug 17 22:26:37 ip-172-31-46-24 cloudx_cli: AviatrixVPNSession:
User=demo, Status=disconnected, Gateway=demo,
GatewayIP=52.52.76.149, VPNVirtualIP=192.168.0.6, PublicIP=N/A,
Login=2016-08-17 22:07:38, Logout=2016-08-17 22:26:37, Duration=0:0:18:59,
RXbytes=2.1 MB, TXbytes=9.03 MB
2019-04-10T23:33:47.217018+00:00 ip-10-240-0-44 kernel: [ 4976.320353] AvxRl gw1 D:IN=eth0 OUT=eth0 MAC=02:bd:e5:4f:d0:e2:02:d8:14:81:fc:48:08:00 SRC=10.240.1.60 DST=10.230.1.23 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=45312 DF PROTO=ICMP TYPE=8 CODE=0 ID=2833 SEQ=1
2019-04-10T23:34:47.602166+00:00 ip-10-240-0-44 kernel: [ 5036.705845] AvxRl StatfulGW2 A:IN=eth0 OUT=eth0 MAC=02:bd:e5:4f:d0:e2:02:d8:14:81:fc:48:08:00 SRC=10.240.1.60 DST=10.230.1.23 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=48453 DF PROTO=ICMP TYPE=8 CODE=0 ID=2834 SEQ=1
2022-05-25T15:57:43.088860+00:00 ip-10-4-179-71 /usr/local/bin/avx-gw-state-sync[1168]: 2022/05/25 15:57:43 AviatrixGwMicrosegPacket:
POLICY=54ea65c4-313e-4b3d-8db3-1ecc4f0981db SRC_MAC=16:06:11:d7:a1:11 DST_MAC=16:54:ec:50:09:17 IP_SZ=84 SRC_IP=10.4.187.253 DST_IP=10.5.144.38
PROTO=ICMP SRC_PORT=0 DST_PORT=0 DATA=0x ACT=PERMIT ENFORCED=true
2020-06-09T17:29:31.372628+00:00 GW-test-10.23.183.116 perfmon.py: AviatrixGwNetStats:
timestamp=2020-06-09T17:29:31.371791 name=test public_ip=10.23.183.116.fifo private_ip=172.31.78.160
interface=eth0 total_rx_rate=10.06Kb total_tx_rate=12.77Kb total_rx_tx_rate=2.85Kb
total_rx_cum=207.16MB total_tx_cum=1.2MB total_rx_tx_cum=208.36
2020-06-12T08:30:09.297478+00:00 GW-test-10.23.183.116 perfmon.py: AviatrixGwNetStats:
timestamp=2020-06-12T08:30:09.296752 name=test public_ip=10.23.183.116.fifo private_ip=172.31.78.160
interface=eth0 total_rx_rate=8.84Kb total_tx_rate=8.45Kb total_rx_tx_rate=17.29Kb
total_rx_cum=4.63MB total_tx_cum=6.8MB total_rx_tx_cum=11.44MB
2020-06-09T17:29:31.372822+00:00 GW-test-10.23.183.116 perfmon.py: AviatrixGwSysStats:
timestamp=2020-06-09T17:29:31.371791 name=test cpu_idle=68
memory_free=414640 memory_available=1222000 memory_total=1871644
disk_total=16197524 disk_free=10982084
2020-06-12T08:22:09.295660+00:00 GW-test-10.23.183.116 perfmon.py: AviatrixGwSysStats:
timestamp=2020-06-12T08:22:09.294333 name=test cpu_idle=99
memory_free=919904 memory_available=1264792 memory_total=1871644
disk_total=16197524 disk_free=11409716
2019-12-12T04:33:46.892381+00:00 ip-172-32-0-6 avx-nfq: AviatrixFQDNRule2[CRIT]nfq_ssl_handle_client_hello() L#281 Gateway=spoke1-fqdn S_IP=172.32.1.144 D_IP=52.218.234.41 hostname=aviatrix-download.s3-us-west-2.amazonaws.com state=MATCHED Rule=*.amazonaws.com;1
2019-12-12T04:36:53.173210+00:00 ip-172-32-0-6 avx-nfq: AviatrixFQDNRule1[CRIT]nfq_ssl_handle_client_hello() L#281 Gateway=spoke1-fqdn S_IP=172.32.1.144 D_IP=98.137.246.7 hostname=www.yahoo.com state=NO_MATCH drop_reason=NOT_WHITELISTED
2019-11-30T15:44:52.718808+00:00 ip-172-32-0-226 cloudxd: AviatrixTunnelStatusChange: src_gw=oregon-transit(AWS us-west-2) dst_gw=100.20.53.124(NA NA) old_state=Down new_state=Up
2019-11-19T20:13:44.585942+00:00 ip-172-32-0-226 cloudxd: AviatrixCMD: action=USERCONNECT_UPGRADE_TO_VERSION, argv=['--rtn_file', '/run/shm/rtn957594707', 'userconnect_upgrade_to_version', 'upgrade-status', ''], result=Success, reason=, username=admin
2019-11-19T18:01:59.796230+00:00 ip-172-32-0-226 cloudxd: AviatrixCMD: action=TRANSIT_SPOKE_LIST, argv=['--rtn_file', '/run/shm/rtn2091225061', 'transit_spoke_list', '--spoke_only'], result=Success, reason=, username=admin
2020-03-29T00:09:13.201669+00:00 ip-10-88-1-63 cloudxd: AviatrixGatewayStatusChanged: status=down gwname=EMEA-ENG-VPNGateway
|
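The sample events above carry several Aviatrix tags and two field layouts: comma-separated pairs whose values may contain spaces (AviatrixVPNSession, AviatrixCMD) and space-separated pairs (AvxRl, AviatrixFQDNRule, AviatrixTunnelStatusChange). The Python below is an added example, not part of the thread and not the SC4S parser; `parse_aviatrix` and its regexes are assumptions, and the sample lines are copied from the thread with the e-mail line wrapping re-joined.

```python
import re

TAG_RE = re.compile(r"\b(AvxRl|Aviatrix[A-Za-z]+)")  # tags seen in the thread's samples
KEY_RE = re.compile(r"(\w+)=")
# Space-delimited value: one token plus an optional "(...)" suffix,
# as in src_gw=oregon-transit(AWS us-west-2).
TOKEN_RE = re.compile(r"[^\s(]*(?:\([^)]*\))?")

# Events copied from the thread, wrapped lines re-joined into single events.
SAMPLES = [
    "Aug 17 22:26:37 ip-172-31-46-24 cloudx_cli: AviatrixVPNSession: User=demo, Status=disconnected, Gateway=demo, GatewayIP=52.52.76.149, VPNVirtualIP=192.168.0.6, PublicIP=N/A, Login=2016-08-17 22:07:38, Logout=2016-08-17 22:26:37, Duration=0:0:18:59, RXbytes=2.1 MB, TXbytes=9.03 MB",
    "2019-04-10T23:33:47.217018+00:00 ip-10-240-0-44 kernel: [ 4976.320353] AvxRl gw1 D:IN=eth0 OUT=eth0 MAC=02:bd:e5:4f:d0:e2:02:d8:14:81:fc:48:08:00 SRC=10.240.1.60 DST=10.230.1.23 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=45312 DF PROTO=ICMP TYPE=8 CODE=0 ID=2833 SEQ=1",
    "2019-12-12T04:36:53.173210+00:00 ip-172-32-0-6 avx-nfq: AviatrixFQDNRule1[CRIT]nfq_ssl_handle_client_hello() L#281 Gateway=spoke1-fqdn S_IP=172.32.1.144 D_IP=98.137.246.7 hostname=www.yahoo.com state=NO_MATCH drop_reason=NOT_WHITELISTED",
    "2019-11-30T15:44:52.718808+00:00 ip-172-32-0-226 cloudxd: AviatrixTunnelStatusChange: src_gw=oregon-transit(AWS us-west-2) dst_gw=100.20.53.124(NA NA) old_state=Down new_state=Up",
    "2019-11-19T18:01:59.796230+00:00 ip-172-32-0-226 cloudxd: AviatrixCMD: action=TRANSIT_SPOKE_LIST, argv=['--rtn_file', '/run/shm/rtn2091225061', 'transit_spoke_list', '--spoke_only'], result=Success, reason=, username=admin",
]


def parse_aviatrix(line):
    """Return (tag, fields) for an Aviatrix event, or None if no tag is found."""
    m = TAG_RE.search(line)
    if m is None:
        return None
    body = line[m.end():]
    keys = list(KEY_RE.finditer(body))
    comma_style = re.search(r",\s+\w+=", body) is not None
    fields = {}
    for i, k in enumerate(keys):
        if comma_style:
            # Value runs to the next key, so "Login=2016-08-17 22:07:38" stays whole.
            end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
            value = body[k.end():end].strip().rstrip(",")
        else:
            value = TOKEN_RE.match(body, k.end()).group(0)
        # Keep the first occurrence: the AvxRl sample repeats ID=.
        fields.setdefault(k.group(1), value)
    return m.group(1), fields


if __name__ == "__main__":
    for sample in SAMPLES:
        tag, fields = parse_aviatrix(sample)
        print(tag, fields)
```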
It looks like the parser for this has been created. How can I get that update applied to our sc4s instance in order to get the Aviatrix logs in? |
hello @wozzies we will release it on Monday, I will let you know which version to upgrade to |
Wonderful, thanks! |
released in v3.25.0 |
What is the sc4s version?
3.19.0
Is there a pcap available?
no, but sample syslog events available
What's the vendor name?
Aviatrix
What's the product name?
Aviatrix Gateway
Aviatrix Controller
**Feature Request description:**
Add Aviatrix to the known vendors list
**Should it support TCP or UDP?**
Both
**Do you want to have it for local usage or prepare a github PR?**
Included in the next upgrade