Amazon AWS Application Load Balancer Access Logs sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Amazon AWS Application Load Balancer Access Logs sample message

The following sample event message uses the Amazon AWS REST API protocol and shows a log entry for an HTTPS listener that is set up on port 443 and forwards traffic to port 80, as specified in the rule configuration.

https 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 10.0.0.1:80 0.086 0.048 0.037 200 200 0 57 "GET https://www.example.com:443/ HTTP/1.1" "curl/7.46.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 "Root=1-58337281-1d84f3d73c47ec4e58577259" "www.example.com" "arn:aws:acm:us-east-2:123456789012:certificate/12345678-1234-1234-1234-123456789012" 1 2018-07-02T22:22:48.364000Z "authenticate,forward" "-" "-" 10.0.0.1:80 200 "-" "-"
Table 1. Highlighted values in the Amazon AWS Application Load Balancer Access Logs event payload

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | https + authenticate,forward |
| Source IP | 192.168.131.39 |
| Source Port | 2817 |
| Destination IP | 10.0.0.1 |
| Destination Port | 80 |
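
The following Python parser is an added example, not IBM or AWS code. It splits an entry by the field order AWS documents for Application Load Balancer access logs and extracts the values listed in Table 1, so the sample can be checked before it is sent to QRadar. The names `parse_alb_entry` and `split_endpoint` and the returned keys are hypothetical, the embedded sample is this page's message with a single space between fields, and quoted fields are assumed to contain no embedded double quote.

```python
import re

# Leading ALB access log fields, in the order AWS documents them.
FIELDS = (
    "type", "time", "elb", "client_port", "target_port",
    "request_processing_time", "target_processing_time",
    "response_processing_time", "elb_status_code", "target_status_code",
    "received_bytes", "sent_bytes", "request", "user_agent", "ssl_cipher",
    "ssl_protocol", "target_group_arn", "trace_id", "domain_name",
    "chosen_cert_arn", "matched_rule_priority", "request_creation_time",
    "actions_executed",
)
# A token is either a double-quoted string or a run of non-space characters.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')
# This page's sample message, with a single space between fields.
SAMPLE = (
    'https 2018-07-02T22:23:00.186641Z app/my-loadbalancer/50dc6c495c0c9188 '
    '192.168.131.39:2817 10.0.0.1:80 0.086 0.048 0.037 200 200 0 57 '
    '"GET https://www.example.com:443/ HTTP/1.1" "curl/7.46.0" '
    'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:'
    'us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 '
    '"Root=1-58337281-1d84f3d73c47ec4e58577259" "www.example.com" '
    '"arn:aws:acm:us-east-2:123456789012:certificate/'
    '12345678-1234-1234-1234-123456789012" 1 2018-07-02T22:22:48.364000Z '
    '"authenticate,forward" "-" "-" 10.0.0.1:80 200 "-" "-"'
)

def split_endpoint(value):
    """Split 'ip:port'; ALB logs '-' when no target received the request."""
    if value == "-":
        return None, None
    ip, _, port = value.rpartition(":")
    return ip, int(port)

def parse_alb_entry(raw):
    """Return the Table 1 values (hypothetical key names) from one entry."""
    line = raw.replace("\r", "").replace("\n", "")  # undo pasted line wraps
    tokens = [bare or quoted for quoted, bare in TOKEN.findall(line)]
    # A bare token holding a quote means two fields were glued together.
    if len(tokens) < len(FIELDS) or any('"' in t for t in tokens):
        raise ValueError("malformed ALB access log entry")
    entry = dict(zip(FIELDS, tokens))
    src_ip, src_port = split_endpoint(entry["client_port"])
    dst_ip, dst_port = split_endpoint(entry["target_port"])
    return {
        "event_id_parts": (entry["type"], entry["actions_executed"]),
        "source_ip": src_ip, "source_port": src_port,
        "destination_ip": dst_ip, "destination_port": dst_port,
    }
```

An entry in which removing a line break has joined two fields without a space raises `ValueError` instead of yielding shifted field values.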