Amazon AWS Application Load Balancer Access Logs sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Amazon AWS Application Load Balancer Access Logs sample message
The following sample event message uses the Amazon AWS REST API protocol and shows a log entry for an HTTPS listener that is set up on port 443 and forwards traffic to port 80, as specified in the rule configuration.
https 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 10.0.0.1:80 0.086 0.048 0.037 200 200 0 57 "GET https://www.example.com:443/ HTTP/1.1" "curl/7.46.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 "Root=1-58337281-1d84f3d73c47ec4e58577259" "www.example.com" "arn:aws:acm:us-east-2:123456789012:certificate/12345678-1234-1234-1234-123456789012" 1 2018-07-02T22:22:48.364000Z "authenticate,forward" "-" "-" 10.0.0.1:80 200 "-" "-"
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | https + authenticate,forward |
Source IP | 192.168.131.39 |
Source Port | 2817 |
Destination IP | 10.0.0.1 |
Destination Port | 80 |
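To check the mapping in the table before sending events to QRadar, the following Python parser extracts the same five fields from the sample message. It is an added example, not IBM or QRadar code; the function names and the field positions (taken from the order of fields in the sample) are assumptions, and the line breaks inside the sample are constructed to show the carriage return and line feed removal described above.

```python
import re

# A token is a double-quoted string or a run of non-space, non-quote characters.
# Assumption: quoted fields never contain an embedded double quote.
TOKEN = re.compile(r'"([^"]*)"|([^\s"]+)')
# Zero-based positions of type, client:port, target:port and actions_executed.
TYPE, CLIENT, TARGET, ACTIONS = 0, 3, 4, 22

# The page's sample message; the two "\r\n" wraps are constructed for this example.
SAMPLE = (
    'https 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 '
    '192.168.131.39:2817 10.0.0.1:80 0.086 0.048 0.037 200 200 0 57 '
    '"GET https://www.example.com:443/ HTTP/1.1" "curl/7.46.0" '
    'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-2:'
    '123456789012:targetgroup/my-targets/73e2d6bc24d8a067\r\n'
    '"Root=1-58337281-1d84f3d73c47ec4e58577259" "www.example.com" "arn:aws:acm:'
    'us-east-2:123456789012:certificate/12345678-1234-1234-1234-123456789012"\r\n'
    '1 2018-07-02T22:22:48.364000Z "authenticate,forward" "-" "-" 10.0.0.1:80 200 "-" "-"'
)


def split_endpoint(value):
    """Split 'ip:port' into (ip, port); '-' means the field was not set."""
    if value == "-":
        return None, None
    ip, _, port = value.rpartition(":")
    return ip, int(port)


def map_alb_event(raw):
    """Return the five fields from the mapping table for one access log entry."""
    # Remove carriage returns and line feeds before parsing, as the page instructs.
    line = raw.replace("\r", "").replace("\n", "")
    # findall yields (quoted, unquoted) pairs; exactly one side is non-empty.
    fields = [q if unq == "" else unq for q, unq in TOKEN.findall(line)]
    if len(fields) <= ACTIONS:
        raise ValueError(f"expected at least {ACTIONS + 1} fields, got {len(fields)}")
    src_ip, src_port = split_endpoint(fields[CLIENT])
    dst_ip, dst_port = split_endpoint(fields[TARGET])
    return {
        "Event ID": f"{fields[TYPE]} + {fields[ACTIONS]}",
        "Source IP": src_ip, "Source Port": src_port,
        "Destination IP": dst_ip, "Destination Port": dst_port,
    }


if __name__ == "__main__":
    print(map_alb_event(SAMPLE))
```

Because the tokenizer treats a quote as a field boundary, a line break that swallowed the space next to a quoted field still parses to the same positions.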