Need decoder for log file


ekta dhussa

May 18, 2026, 3:38:43 AM
to Wazuh | Mailing List

Need decoders for these logs in Wazuh XML format.

2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] processing pkt from uplink = vmnic10 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 1, tlvLen 32, bytesLeft 448. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 5, tlvLen 259, bytesLeft 416. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] string truncated to 128: Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_LITE_IOSXE), Version 17.6.5, RELEASE SOFTWARE (fc2) 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: Technical Support: http://www.cisco.com/techsupport 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: Copyright (c) 1986-2023 by Cisco Systems, Inc. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: Compiled Wed 25-Jan-23 13:34 by mcpre 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 6, tlvLen 19, bytesLeft 157. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 2, tlvLen 17, bytesLeft 138. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 3, tlvLen 25, bytesLeft 121. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 4, tlvLen 8, bytesLeft 96. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 9, tlvLen 11, bytesLeft 88. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 10, tlvLen 6, bytesLeft 77. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 11, tlvLen 5, bytesLeft 71. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 18, tlvLen 5, bytesLeft 66. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 5 or type 18 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 19, tlvLen 5, bytesLeft 61. 
2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 5 or type 19 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 22, tlvLen 17, bytesLeft 56. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 4105, tlvLen 39, bytesLeft 39. 2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 39 or type 4105 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011timeToLive 180 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011cdpVersion 2 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011deviceIdent BLR-DC-R1-1G-SW2.test.com 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011ipAddress 111.2219.8 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011ipv6 link-local address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011ipv6 Global unicast address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011portIdent GigabitEthernet1/0/25 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011capabilities 0x28 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011version unknown 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011platform cisco C9200-48T 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011ipPrefix 0x0 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011ipPrefixLen 0 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011vtpDomain test 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011nativeVlan 10 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011duplex 1 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011mtu 0 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011systemName 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] 
#011systemOID 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011mgmtAddr 111.2219.8 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011mgmt ipv6 link-local address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011mgmt ipv6 Global unicast address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] #011location 2026-05-08T00:00:46.406Z inesxiprd1 net-cdp[2099683]: [info] set state 2026-05-08T00:00:46.694Z inesxiprd1 Vpxa[61473415]: [Originator@6876 sub=vpxLro opID=35c765ad-39] [VpxLRO] -- BEGIN lro-8115558 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:46.712Z inesxiprd1 Vpxa[61473415]: [Originator@6876 sub=vpxLro opID=35c765ad-39] [VpxLRO] -- FINISH lro-8115558 2026-05-08T00:00:47.343Z inesxiprd1 Vpxa[2114569]: [Originator@6876 sub=vpxLro opID=315fd6b5-2e] [VpxLRO] -- BEGIN lro-8115559 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:47.377Z inesxiprd1 Vpxa[2114569]: [Originator@6876 sub=vpxLro opID=315fd6b5-2e] [VpxLRO] -- FINISH lro-8115559 2026-05-08T00:00:47.786Z inesxiprd1 Vpxa[2099759]: [Originator@6876 sub=vpxLro opID=78d0aa55-11] [VpxLRO] -- BEGIN lro-8115560 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:47.790Z inesxiprd1 Vpxa[2099759]: [Originator@6876 sub=vpxLro opID=78d0aa55-11] [VpxLRO] -- FINISH lro-8115560 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] processing pkt from uplink = vmnic2 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 1, tlvLen 32, bytesLeft 448. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 5, tlvLen 259, bytesLeft 416. 
2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] string truncated to 128: Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_LITE_IOSXE), Version 17.6.5, RELEASE SOFTWARE (fc2) 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: Technical Support: http://www.cisco.com/techsupport 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: Copyright (c) 1986-2023 by Cisco Systems, Inc. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: Compiled Wed 25-Jan-23 13:34 by mcpre 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 6, tlvLen 19, bytesLeft 157. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 2, tlvLen 17, bytesLeft 138. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 3, tlvLen 25, bytesLeft 121. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 4, tlvLen 8, bytesLeft 96. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 9, tlvLen 11, bytesLeft 88. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 10, tlvLen 6, bytesLeft 77. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 11, tlvLen 5, bytesLeft 71. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 18, tlvLen 5, bytesLeft 66. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 5 or type 18 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 19, tlvLen 5, bytesLeft 61. 2026-05-08T00:00:48.155Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 5 or type 19 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 22, tlvLen 17, bytesLeft 56. 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 4105, tlvLen 39, bytesLeft 39. 
2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 39 or type 4105 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011timeToLive 180 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011cdpVersion 2 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011deviceIdent BLR-DC-R1-1G-SW1.test.com 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011ipAddress 111.2219.7 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011ipv6 link-local address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011ipv6 Global unicast address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011portIdent GigabitEthernet1/0/25 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011capabilities 0x28 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011version unknown 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011platform cisco C9200-48T 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011ipPrefix 0x0 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011ipPrefixLen 0 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011vtpDomain test 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011nativeVlan 10 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011duplex 1 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011mtu 0 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011systemName 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011systemOID 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011mgmtAddr 111.2219.7 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011mgmt ipv6 link-local address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011mgmt ipv6 Global unicast address 
0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] #011location 2026-05-08T00:00:48.156Z inesxiprd1 net-cdp[2099683]: [info] set state 2026-05-08T00:00:48.373Z inesxiprd1 Vpxa[2100070]: [Originator@6876 sub=vpxLro opID=725c09bd-53] [VpxLRO] -- BEGIN lro-8115561 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:48.380Z inesxiprd1 storageRM[2099063]: Could not get state for NFS volume VeeamBackup_inbackup02.test.com 2026-05-08T00:00:48.381Z inesxiprd1 storageRM[2099063]: Could not get state for NFS volume ISOLibrary-NetApp 2026-05-08T00:00:48.400Z inesxiprd1 Vpxa[2100070]: [Originator@6876 sub=vpxLro opID=725c09bd-53] [VpxLRO] -- FINISH lro-8115561 2026-05-08T00:00:48.594Z inesxiprd1 Vpxa[2099749]: [Originator@6876 sub=vpxLro opID=37aacf91-92] [VpxLRO] -- BEGIN lro-8115562 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:48.623Z inesxiprd1 Vpxa[2099749]: [Originator@6876 sub=vpxLro opID=37aacf91-92] [VpxLRO] -- FINISH lro-8115562 2026-05-08T00:00:48.772Z inesxiprd1 sdrsInjector[2099068]: Could not get state for NFS volume VeeamBackup_inbackup02.test.com 2026-05-08T00:00:48.772Z inesxiprd1 sdrsInjector[2099068]: Could not get state for NFS volume ISOLibrary-NetApp 2026-05-08T00:00:48.963Z inesxiprd1 Vpxa[2122471]: [Originator@6876 sub=vpxLro opID=25788d46-e4] [VpxLRO] -- BEGIN lro-8115563 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:48.984Z inesxiprd1 Vpxa[2122471]: [Originator@6876 sub=vpxLro opID=25788d46-e4] [VpxLRO] -- FINISH lro-8115563 2026-05-08T00:00:49.379Z inesxiprd1 Vpxa[2100070]: [Originator@6876 sub=vpxLro opID=d8301e2-76] [VpxLRO] -- BEGIN lro-8115564 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:49.382Z inesxiprd1 
Vpxa[2100070]: [Originator@6876 sub=vpxLro opID=d8301e2-76] [VpxLRO] -- FINISH lro-8115564 2026-05-08T00:00:49.777Z inesxiprd1 Vpxa[2099755]: [Originator@6876 sub=vpxLro opID=13f0a35c-7a] [VpxLRO] -- BEGIN lro-8115565 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:49.823Z inesxiprd1 Vpxa[2099755]: [Originator@6876 sub=vpxLro opID=13f0a35c-7a] [VpxLRO] -- FINISH lro-8115565 2026-05-08T00:00:49.988Z inesxiprd1 Vpxa[2099772]: [Originator@6876 sub=vpxLro opID=1b74f73e-54] [VpxLRO] -- BEGIN lro-8115566 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:50.009Z inesxiprd1 Vpxa[2099772]: [Originator@6876 sub=vpxLro opID=1b74f73e-54] [VpxLRO] -- FINISH lro-8115566 2026-05-08T00:00:50.804Z inesxiprd1 Vpxa[2100071]: [Originator@6876 sub=vpxLro opID=6e545b49-cd] [VpxLRO] -- BEGIN lro-8115567 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:50.818Z inesxiprd1 Vpxa[2100071]: [Originator@6876 sub=vpxLro opID=6e545b49-cd] [VpxLRO] -- FINISH lro-8115567 2026-05-08T00:00:43.099Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 4471 22442 31 31 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "7bd5712f" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:43.570Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 2711 13120 22 21 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "765ae7ce" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:44.208Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 2710 15390 25 25 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "7f0d36df" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:45.463Z inesxiprd1 envoy-access[2098941]: POST 
/hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 4470 11489 15 15 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "cb35a0a" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:45.749Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 31341 392 10 9 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "Hj-Specnc-host-68214@1485670-5c59f" "SetConfigVpxa" 2026-05-08T00:00:46.691Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 2711 12065 20 20 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "35c765ad" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:47.341Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 1817 27272 36 36 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "315fd6b5" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:47.784Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 2710 436 6 5 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "78d0aa55" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:48.371Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 4469 24397 29 29 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "725c09bd" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:48.592Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 4471 24667 30 30 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "37aacf91" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:48.961Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 2711 16147 23 23 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "25788d46" "QueryBatchPerformanceStatisticsVpxa" 
2026-05-08T00:00:49.377Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 2710 436 5 4 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "d8301e2" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:49.774Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 8923 54289 48 48 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "13f0a35c" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:49.986Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 3718 15823 23 23 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "1b74f73e" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:50.802Z inesxiprd1 envoy-access[2098941]: POST /hgw/host-68214/vpxa HTTP/1.1 200 via_upstream - 2711 11492 15 15 0 111.2231.80:34044 TLSv1.2 111.2231.71:443 127.0.0.1:41792 - 127.0.0.1:8089 "6e545b49" "QueryBatchPerformanceStatisticsVpxa" 2026-05-08T00:00:51.886Z inesxiprd1 Vpxa[2099749]: [Originator@6876 sub=vpxLro opID=5555ad1c-df] [VpxLRO] -- BEGIN lro-8115568 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:51.889Z inesxiprd1 Vpxa[2099749]: [Originator@6876 sub=vpxLro opID=5555ad1c-df] [VpxLRO] -- FINISH lro-8115568 2026-05-08T00:00:52.298Z inesxiprd1 Vpxa[2099771]: [Originator@6876 sub=vpxLro opID=54139552-e3] [VpxLRO] -- BEGIN lro-8115569 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:52.318Z inesxiprd1 Vpxa[2099771]: [Originator@6876 sub=vpxLro opID=54139552-e3] [VpxLRO] -- FINISH lro-8115569 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: [info] processing pkt from uplink = vmnic9 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 1, tlvLen 32, bytesLeft 448. 
2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 5, tlvLen 259, bytesLeft 416. 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: [info] string truncated to 128: Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_LITE_IOSXE), Version 17.6.5, RELEASE SOFTWARE (fc2) 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: Technical Support: http://www.cisco.com/techsupport 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: Copyright (c) 1986-2023 by Cisco Systems, Inc. 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: Compiled Wed 25-Jan-23 13:34 by mcpre 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 6, tlvLen 19, bytesLeft 157. 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 2, tlvLen 17, bytesLeft 138. 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 3, tlvLen 25, bytesLeft 121. 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 4, tlvLen 8, bytesLeft 96. 2026-05-08T00:00:53.306Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 9, tlvLen 11, bytesLeft 88. 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 10, tlvLen 6, bytesLeft 77. 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 11, tlvLen 5, bytesLeft 71. 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 18, tlvLen 5, bytesLeft 66. 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 5 or type 18 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 19, tlvLen 5, bytesLeft 61. 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 5 or type 19 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 22, tlvLen 17, bytesLeft 56. 
2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 4105, tlvLen 39, bytesLeft 39. 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 39 or type 4105 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011timeToLive 180 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011cdpVersion 2 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011deviceIdent BLR-DC-R1-1G-SW2.test.com 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011ipAddress 111.2219.8 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011ipv6 link-local address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011ipv6 Global unicast address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011portIdent GigabitEthernet1/0/13 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011capabilities 0x28 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011version unknown 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011platform cisco C9200-48T 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011ipPrefix 0x0 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011ipPrefixLen 0 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011vtpDomain test 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011nativeVlan 3910 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011duplex 1 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011mtu 0 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011systemName 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011systemOID 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011mgmtAddr 111.2219.8 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011mgmt ipv6 link-local address 
0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011mgmt ipv6 Global unicast address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] #011location 2026-05-08T00:00:53.307Z inesxiprd1 net-cdp[2099683]: [info] set state 2026-05-08T00:00:54.231Z inesxiprd1 Vpxa[61473415]: [Originator@6876 sub=vpxLro opID=2ebf3685-4c] [VpxLRO] -- BEGIN lro-8115570 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:54.234Z inesxiprd1 Vpxa[61473415]: [Originator@6876 sub=vpxLro opID=2ebf3685-4c] [VpxLRO] -- FINISH lro-8115570 2026-05-08T00:00:54.623Z inesxiprd1 Vpxa[2100071]: [Originator@6876 sub=vpxLro opID=b946dbd-8a] [VpxLRO] -- BEGIN lro-8115571 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:54.639Z inesxiprd1 Vpxa[2100071]: [Originator@6876 sub=vpxLro opID=b946dbd-8a] [VpxLRO] -- FINISH lro-8115571 2026-05-08T00:00:54.825Z inesxiprd1 Vpxa[2099774]: [Originator@6876 sub=vpxLro opID=3db0993b-7] [VpxLRO] -- BEGIN lro-8115572 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:54.843Z inesxiprd1 Vpxa[2099774]: [Originator@6876 sub=vpxLro opID=3db0993b-7] [VpxLRO] -- FINISH lro-8115572 2026-05-08T00:00:55.050Z inesxiprd1 Vpxa[2099757]: [Originator@6876 sub=vpxLro opID=496f7fb8-71] [VpxLRO] -- BEGIN lro-8115573 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:55.068Z inesxiprd1 Vpxa[2099757]: [Originator@6876 sub=vpxLro opID=496f7fb8-71] [VpxLRO] -- FINISH lro-8115573 2026-05-08T00:00:55.546Z inesxiprd1 Fdm[79033603]: [Originator@6876 sub=HTTP.HTTPService] HTTP Response: Auto-completing at 118/118 bytes; <<io_obj p:0x00000038c7803ab0, h:17, <TCP '127.0.0.1 : 9089'>, <TCP '127.0.0.1 : 36351'>>, 
52308183-e3f3-2f23-4062-7e783a59759f> 2026-05-08T00:00:55.546Z inesxiprd1 Fdm[79033603]: [Originator@6876 sub=SOAP] Responded to service state request; <<io_obj p:0x00000038c7803ab0, h:17, <TCP '127.0.0.1 : 9089'>, <TCP '127.0.0.1 : 36351'>>, /fdm/service> 2026-05-08T00:00:55.689Z inesxiprd1 Vpxa[2099762]: [Originator@6876 sub=vpxLro opID=9908196-89] [VpxLRO] -- BEGIN lro-8115574 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:55.706Z inesxiprd1 Vpxa[2099762]: [Originator@6876 sub=vpxLro opID=9908196-89] [VpxLRO] -- FINISH lro-8115574 2026-05-08T00:00:55.897Z inesxiprd1 Vpxa[2099756]: [Originator@6876 sub=vpxLro opID=6e2ba3c1-d1] [VpxLRO] -- BEGIN lro-8115575 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:55.900Z inesxiprd1 Vpxa[2099756]: [Originator@6876 sub=vpxLro opID=6e2ba3c1-d1] [VpxLRO] -- FINISH lro-8115575 2026-05-08T00:00:56.060Z inesxiprd1 Vpxa[61473416]: [Originator@6876 sub=vpxLro opID=730c0c68-3f] [VpxLRO] -- BEGIN lro-8115576 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:56.105Z inesxiprd1 Vpxa[61473416]: [Originator@6876 sub=vpxLro opID=730c0c68-3f] [VpxLRO] -- FINISH lro-8115576 2026-05-08T00:00:56.268Z inesxiprd1 Vpxa[61473415]: [Originator@6876 sub=vpxLro opID=77394c93-6] [VpxLRO] -- BEGIN lro-8115577 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:56.272Z inesxiprd1 Vpxa[61473415]: [Originator@6876 sub=vpxLro opID=77394c93-6] [VpxLRO] -- FINISH lro-8115577 2026-05-08T00:00:56.618Z inesxiprd1 Vpxa[2122471]: [Originator@6876 sub=vpxLro opID=7adb18a7-b8] [VpxLRO] -- BEGIN lro-8115578 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:56.654Z inesxiprd1 Vpxa[2122471]: [Originator@6876 sub=vpxLro 
opID=7adb18a7-b8] [VpxLRO] -- FINISH lro-8115578 2026-05-08T00:00:57.308902+00:00 rwscloudvc vpxd-main 2026-05-08T00:00:57.308Z warning vpxd[12082] [Originator@6876 sub=StatsRegistry opID=PollQuickStatsLoop-1362342d] No managed dpus present; Skipping fetch for host: [vim.HostSystem:host-68214,inesxiprd1.test.com] 2026-05-08T00:00:57.315Z inesxiprd1 Vpxa[2099750]: [Originator@6876 sub=vpxLro opID=PollQuickStatsLoop-1362342d-f6] [VpxLRO] -- BEGIN lro-8115579 -- vpxa -- vpxapi.VpxaService.fetchQuickStats -- 52533982-18bc-fd76-6945-d580b0f93090 2026-05-08T00:00:57.316Z inesxiprd1 Vpxa[2099750]: [Originator@6876 sub=vpxLro opID=PollQuickStatsLoop-1362342d-f6] [VpxLRO] -- FINISH lro-8115579 2026-05-08T00:00:57.847Z inesxiprd1 Fdm[79034067]: [Originator@6876 sub=vpxLro opID=66a2db10] [VpxLRO] -- BEGIN lro-238476 -- fdmService -- csi.FdmService.setHeartBeat -- 52308183-e3f3-2f23-4062-7e783a59759f 2026-05-08T00:00:57.847Z inesxiprd1 Fdm[79034067]: [Originator@6876 sub=vpxLro opID=66a2db10] [VpxLRO] -- FINISH lro-238476 2026-05-08T00:00:58.123Z inesxiprd1 vmkernel: cpu4:2098520)SunRPC: 1100: Destroying world 0x7c0e6fe 2026-05-08T00:00:59.217Z inesxiprd1 net-cdp[2099683]: [info] processing pkt from uplink = vmnic0 2026-05-08T00:00:59.217Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 1, tlvLen 32, bytesLeft 447. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 5, tlvLen 259, bytesLeft 415. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] string truncated to 128: Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_LITE_IOSXE), Version 17.6.5, RELEASE SOFTWARE (fc2) 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: Technical Support: http://www.cisco.com/techsupport 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: Copyright (c) 1986-2023 by Cisco Systems, Inc. 
2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: Compiled Wed 25-Jan-23 13:34 by mcpre 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 6, tlvLen 19, bytesLeft 156. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 2, tlvLen 17, bytesLeft 137. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 3, tlvLen 24, bytesLeft 120. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 4, tlvLen 8, bytesLeft 96. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 9, tlvLen 11, bytesLeft 88. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 10, tlvLen 6, bytesLeft 77. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 11, tlvLen 5, bytesLeft 71. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 18, tlvLen 5, bytesLeft 66. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 5 or type 18 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 19, tlvLen 5, bytesLeft 61. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 5 or type 19 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 22, tlvLen 17, bytesLeft 56. 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] Found CDPDU tlvType 4105, tlvLen 39, bytesLeft 39. 
2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 39 or type 4105 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] #011timeToLive 180 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] #011cdpVersion 2 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] #011deviceIdent BLR-DC-R1-1G-SW1.test.com 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] #011ipAddress 111.2219.7 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] #011ipv6 link-local address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] #011ipv6 Global unicast address 0000:0000:0000:0000:0000:0000:0000:0000 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] #011portIdent GigabitEthernet1/0/1 2026-05-08T00:00:59.218Z inesxiprd1 net-cdp[2099683]: [info] #011capabilities 0x28

hasitha.u...@wazuh.com

May 18, 2026, 3:44:38 AM
to Wazuh | Mailing List
Hi ekta

Please allow me some time; I’m currently looking into this and will get back to you with an update as soon as possible.

hasitha.u...@wazuh.com

May 18, 2026, 5:44:36 AM
to Wazuh | Mailing List
Hi ekta

I have created custom decoders for your sample logs. You can add these decoders to a custom decoder file and validate them with /var/ossec/bin/wazuh-logtest.

nano /var/ossec/etc/decoders/local_decoder.xml

<!-- Parent decoder: selects events by syslog program name. -->
<decoder name="myapp">
  <program_name>^net-cdp$|^Vpxa$|^storageRM$|^envoy-access$</program_name>
</decoder>

<!-- Sibling decoders (same name and parent): each one extracts one field. -->
<decoder name="myapp-event">
  <parent>myapp</parent>
  <regex>[(\S+)]\s</regex>
  <order>loglevel</order>
</decoder>

<decoder name="myapp-event">
  <parent>myapp</parent>
  <regex>[\S+]\s\s\s\s\s(\.+)|(\.+)</regex>
  <order>message</order>
</decoder>

<decoder name="myapp-event">
  <parent>myapp</parent>
  <regex>sub=(\S+)</regex>
  <order>sub</order>
</decoder>

<decoder name="myapp-event">
  <parent>myapp</parent>
  <regex>opID=(\S+)</regex>
  <order>opID</order>
</decoder>

<decoder name="myapp-event">
  <parent>myapp</parent>
  <regex>opID=(\S+)</regex>
  <order>id</order>
</decoder>

Make sure to restart the Wazuh manager to apply changes.
systemctl restart wazuh-manager

If you need further improvement by adding child decoders, you can check the decoder guide for more details.
Let me know if you need further assistance on this, so I can check further.
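
A pre-check that can be run on the pasted sample before feeding it to wazuh-logtest, added here as an example that is not part of the thread or of Wazuh: it splits the run-together paste into single events, reports which program names the `myapp` parent decoder never sees, and flags field captures that look wrong. Python's `re` stands in for Wazuh's OS_Regex as an approximation, and the function names and `EXPECTED_LEVELS` are assumptions.

```python
import re
from collections import Counter

# Constructed sample: events copied from the thread's paste, run together on
# one line the way the archive shows them.
PASTE = " ".join([
    "2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [info] processing pkt from uplink = vmnic10",
    "2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: [error] bad frame: invalid TLV length 5 or type 18",
    "2026-05-08T00:00:46.405Z inesxiprd1 net-cdp[2099683]: Technical Support: http://www.cisco.com/techsupport",
    "2026-05-08T00:00:46.712Z inesxiprd1 Vpxa[61473415]: [Originator@6876 sub=vpxLro opID=35c765ad-39] [VpxLRO] -- FINISH lro-8115558",
    "2026-05-08T00:00:48.381Z inesxiprd1 storageRM[2099063]: Could not get state for NFS volume ISOLibrary-NetApp",
    "2026-05-08T00:00:48.772Z inesxiprd1 sdrsInjector[2099068]: Could not get state for NFS volume ISOLibrary-NetApp",
    "2026-05-08T00:00:57.847Z inesxiprd1 Fdm[79034067]: [Originator@6876 sub=vpxLro opID=66a2db10] [VpxLRO] -- FINISH lro-238476",
    "2026-05-08T00:00:58.123Z inesxiprd1 vmkernel: cpu4:2098520)SunRPC: 1100: Destroying world 0x7c0e6fe",
])

# Syslog header as it appears in the paste: timestamp, host, program[pid]:
HEADER = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z) (?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
)

# Program names listed in the thread's <program_name> pattern.
PARENT_PROGRAMS = ("net-cdp", "Vpxa", "storageRM", "envoy-access")

# Python approximations of three of the thread's sibling <regex> patterns.
# In OS_Regex "[" and "]" are literals, so they are escaped here.
SIBLINGS = {
    "loglevel": re.compile(r"\[(\S+)\]\s"),
    "sub": re.compile(r"sub=(\S+)"),
    "opID": re.compile(r"opID=(\S+)"),
}

# Assumption: the level names that occur in the pasted logs.
EXPECTED_LEVELS = {"info", "error", "warning"}


def split_events(paste):
    """Cut the flattened paste at every syslog header: one event per item."""
    starts = [m.start() for m in HEADER.finditer(paste)]
    return [paste[a:b].strip() for a, b in zip(starts, starts[1:] + [len(paste)])]


def decode(event):
    """Mimic parent selection by program name, then the sibling extractions."""
    m = HEADER.match(event)
    if m is None:
        return None
    program, message = m["program"], event[m.end():]
    if program not in PARENT_PROGRAMS:
        return {"program": program, "decoder": None, "fields": {}}
    fields = {}
    for name, rx in SIBLINGS.items():
        hit = rx.search(message)
        if hit:
            fields[name] = hit.group(1)
    return {"program": program, "decoder": "myapp", "fields": fields}


def audit(paste):
    """Return (results, programs no decoder matches, questionable captures)."""
    results = [r for r in map(decode, split_events(paste)) if r]
    uncovered = Counter(r["program"] for r in results if r["decoder"] is None)
    flags = []
    for r in results:
        for name, value in r["fields"].items():
            # \S+ runs to the next space, so it can swallow the closing "]";
            # the loglevel pattern can also latch onto "[VpxLRO]".
            if value.endswith("]") or (
                name == "loglevel" and value not in EXPECTED_LEVELS
            ):
                flags.append((r["program"], name, value))
    return results, uncovered, flags


if __name__ == "__main__":
    results, uncovered, flags = audit(PASTE)
    for r in results:
        print(r["program"], r["decoder"], r["fields"])
    print("not matched by parent decoder:", dict(uncovered))
    print("captures to review:", flags)
```

Anything the script reports still has to be confirmed with /var/ossec/bin/wazuh-logtest, pasting one event per line.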