Radware AppWall sample event messages
Use these sample event messages to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Radware AppWall sample messages when you use the Syslog protocol
Sample 1: The following sample event message shows that a service is stopped.
OLF6 appwall 2.1 date="05/27/2019 06:01:24 +00" milli.1=92 et=Initialization sev=notice subj="Subsystem stopped" evtid=1558936884-109 hostname=testHostName hostip=10.22.126.18 module=SystemType devtype="Stand Alone Gateway" cmip=10.22.126.18 msg="The subsystem was stopped." | QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | 1558936884-109 |
| Source IP | 10.22.126.18 |
| Device Time | 05/27/2019 06:01:24 +00 |
Sample 2: The following sample event message shows a reverse DNS lookup failure.
OLF6 appwall 2.1 date="05/27/2019 09:00:33 +00" milli.1=244 et=Initialization sev=warning subj="Reverse DNS Lookup Initialization Error" evtid=1558947633-294 hostname=testHostName hostip=10.22.126.18 module=WebApp_SubSys devtype="Stand Alone Gateway" cmip=10.22.126.18 msg="Reverse DNS Lookup operation failed to initialize.Dig Init Check failed: ;; connection timed out; no servers could be reached\n\nPrimary DNS Server: 10.22.14.135:53" | QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | 1558947633-294 |
| Source IP | 10.22.126.18 |
| Device Time | 05/27/2019 09:00:33 +00 |