Cisco CallManager sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Cisco CallManager sample message when you use the syslog protocol
The following sample event message shows that a user is successfully added to a group.
<179>10499: : : 7454: cisco.callmanager.test Aug 21 2020 17:02:45 UTC : %UC_CALLMANAGER-3-DeviceUnregistered: %[DeviceName=DEVICENAME][IPAddress=172.23.136.216][Protocol=SIP][DeviceType=550][Description=Description][Reason=13][IPAddrAttributes=0][UNKNOWN_PARAMNAME:LastSignalReceived=SIPStationDPrimaryLineTimeout][AppID=Cisco CallManager][ClusterID=Cluster-ID][NodeID=NODEID]: Device unregistered
QRadar field name | Highlighted payload field name |
---|---|
Log Source Time | Aug 21 2020 17:02:45 UTC |
Event ID | %UC_CALLMANAGER-3-DeviceUnregistered |
IP address | IPAddress |
Event Category | AppID |
Event Name | Device unregistered |