Orchestrator and EdgeConnect Logging
This document describes how to:
-
Access, export and understand logs generated by HPE Aruba Networking SD-WAN Orchestrator and HPE Aruba Networking EdgeConnect appliances.
-
Use log data for system diagnostics, performance monitoring, and security analysis.
It includes descriptions of syslog exports across different log types for Orchestrator and ECOS running release 9.5 with a Syslog remove receiver.
Terminology
The following table defines terms used in this guide.
| Term | Definition |
|---|---|
| Syslog | A protocol used to send system logs or messages to a specific server. |
| JSONify | The process of converting data into JSON format for easier parsing and analysis. |
| Orchestrator Logs | Logs that track actions and configurations within the Orchestrator software. |
| System Logs | Logs that record general system operations, like hardware activity or software processes. |
| Audit Logs | Logs that track user actions, changes, and events for accountability and security purposes. |
| IDS/IPS | Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), used to monitor and protect systems against malicious activity. |
| Firewall Logs | Logs that track network traffic that is allowed or blocked by firewall policies. |
| Severity Levels | Log classifications (e.g., Notice, Critical, Warning) that indicate the importance of an event. |
Getting Started
Logs are records of events and activities occurring within a system that help users:
-
Diagnose issues, such as system errors or application failures.
-
Monitor performance and ensure system reliability.
-
Identify potential security risks, including unauthorized access or intrusion attempts.
This document is for users who want to learn the basics of Orchestrator and EdgeConnect appliance logs, their types, and how to export them. It provides the following:
-
Instructions for accessing logs on Orchestrator and on EdgeConnect appliances.
-
Explanation of how logs are categorized and their purposes.
-
Sample log entries and field tables that describe the structure and content of logs.
-
Examples of JSONified logs that simplify log data for integration with tools or other analytic platforms.
Log Types
Logs are categorized into Orchestrator Logs and Appliance Logs. Each type serves a specific purpose. The following graphic shows the system integration between Orchestrator and EdgeConnect appliances and where each type of log is generated.
Orchestrator Logs
Syslog Logs – These logs are exported from Orchestrator using syslog protocols and contain information about general system operations, user actions, and alarms.
Appliance Logs
-
System Logs – These logs contain information about general system operations.
-
Audit Logs – These logs track user actions.
-
Firewall (FW) Logs – These logs contain information about firewall events.
-
IDS/IPS Logs – These logs track intrusion attempts.