Cisco ASA sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Cisco ASA sample message when you use the Syslog protocol

The following sample event message shows that the Internet Key Exchange (IKE) protocol obtained an address for the client's private IP address from DHCP or from the address pool. The sample event message also shows that the IP address is assigned to the client.

Aug 11 08:10:34 cisco.asa.test %ASA-6-713228: Group = groupx, Username = userx, IP = 192.0.2.10, Assigned private IP address 192.0.2.11 to remote user

Table 1. QRadar field names and highlighted values in the event payload

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | 713228 |
| Source IP | 192.0.2.10 |
| Username | userx |
| Post NAT Source IP | 192.0.2.11 |
| Identity IP | 192.0.2.11 |
| Identity Group Name | groupx |
| Identity Username | userx |
| Device Time | Aug 11 08:10:34 |
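
The following added example (not IBM's or Cisco's code, and not the QRadar DSM itself) parses the sample message into the Table 1 fields, removing carriage return and line feed characters first as the note above instructs. The function name `parse_713228` and the regular expressions are assumptions made for illustration.

```python
import re

# Sample event from the page, with a CR/LF left in to mimic the copy/paste
# formatting issue the page warns about (constructed variant).
SAMPLE = (
    "Aug 11 08:10:34 cisco.asa.test %ASA-6-713228: Group = groupx, "
    "Username = userx, IP = 192.0.2.10,\r\n Assigned private IP address "
    "192.0.2.11 to remote user"
)

# Syslog header: device time, host name, then %ASA-<severity>-<event id>.
HEADER = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%ASA-(?P<severity>\d)-(?P<event_id>\d+): (?P<body>.*)$"
)
PAIR = re.compile(r"(\w+) = ([^,]+),")  # "Group = groupx," style pairs
ASSIGNED = re.compile(r"Assigned private IP address (\S+) to remote user")


def parse_713228(raw):
    """Return the Table 1 fields for a 713228 event, or None if no match."""
    # Remove carriage returns and line feeds before matching.
    line = re.sub(r"[\r\n]+", "", raw).strip()
    header = HEADER.match(line)
    if header is None or header["event_id"] != "713228":
        return None
    pairs = dict(PAIR.findall(header["body"]))
    assigned = ASSIGNED.search(header["body"])
    if assigned is None or not {"Group", "Username", "IP"} <= set(pairs):
        return None
    return {
        "Event ID": header["event_id"],
        "Source IP": pairs["IP"],
        "Username": pairs["Username"],
        "Post NAT Source IP": assigned[1],
        "Identity IP": assigned[1],
        "Identity Group Name": pairs["Group"],
        "Identity Username": pairs["Username"],
        "Device Time": header["time"],
    }


if __name__ == "__main__":
    for name, value in parse_713228(SAMPLE).items():
        print(f"{name}: {value}")
```

Comparing the returned values with Table 1 is a quick way to confirm that a pasted sample still carries every field after line breaks are removed.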