Cisco CallManager sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Cisco CallManager sample message when you use the syslog protocol

The following sample event message shows that a user is successfully added to a group.

<179>10499: : : 7454: cisco.callmanager.test Aug 21 2020 17:02:45 UTC :   %UC_CALLMANAGER-3-DeviceUnregistered: %[DeviceName=DEVICENAME][IPAddress=172.23.136.216][Protocol=SIP][DeviceType=550][Description=Description][Reason=13][IPAddrAttributes=0][UNKNOWN_PARAMNAME:LastSignalReceived=SIPStationDPrimaryLineTimeout][AppID=Cisco CallManager][ClusterID=Cluster-ID][NodeID=NODEID]: Device unregistered
Table 1. Highlighted fields

| QRadar field name | Highlighted payload field name |
| --- | --- |
| Log Source Time | Aug 21 2020 17:02:45 UTC |
| Event ID | %UC_CALLMANAGER-3-DeviceUnregistered |
| IP address | IPAddress |
| Event Category | AppID |
| Event Name | Device unregistered |
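To check a pasted payload before sending it to a test log source, the following added example (not IBM or QRadar DSM code) strips stray line breaks and extracts the fields highlighted in Table 1. The function name, the returned dictionary keys, and the regular expressions are assumptions made for this illustration, inferred only from the sample message above.

```python
import re
from datetime import datetime, timezone

# Payload from the page, with a constructed CR/LF inserted mid-line to mimic
# the paste problem the page warns about.
SAMPLE = (
    "<179>10499: : : 7454: cisco.callmanager.test Aug 21 2020 17:02:45 UTC :   "
    "%UC_CALLMANAGER-3-DeviceUnregistered: %[DeviceName=DEVICENAME]"
    "[IPAddress=172.23.136.216][Protocol=SIP][DeviceType=550]\r\n"
    "[Description=Description][Reason=13][IPAddrAttributes=0]"
    "[UNKNOWN_PARAMNAME:LastSignalReceived=SIPStationDPrimaryLineTimeout]"
    "[AppID=Cisco CallManager][ClusterID=Cluster-ID][NodeID=NODEID]: Device unregistered"
)

# Layout inferred from this one sample, not from a Cisco format specification.
EVENT = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) UTC\s*:\s*"
    r"(?P<event_id>%UC_[A-Z]+-\d-\w+):\s*%"
    r"(?P<params>(?:\[[^\]]*\])+):\s*(?P<name>.+)$"
)
# Choice made for this example: drop the "UNKNOWN_PARAMNAME:" prefix from keys.
PARAM = re.compile(r"\[(?:UNKNOWN_PARAMNAME:)?([^=\]]+)=([^\]]*)\]")


def parse_callmanager_event(raw):
    """Return the Table 1 fields from one CallManager syslog payload."""
    # Remove carriage returns and line feeds introduced by copy and paste.
    line = re.sub(r"[\r\n]+", "", raw).strip()
    m = EVENT.match(line)
    if m is None:
        raise ValueError("payload does not match the sample CallManager layout")
    params = dict(PARAM.findall(m["params"]))
    pri = int(m["pri"])
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    return {
        "log_source_time": ts.replace(tzinfo=timezone.utc),
        "event_id": m["event_id"],
        "ip_address": params.get("IPAddress"),
        "event_category": params.get("AppID"),
        "event_name": m["name"],
        "syslog_facility": pri >> 3,   # PRI = facility * 8 + severity
        "syslog_severity": pri & 7,
        "params": params,
    }


if __name__ == "__main__":
    for key, value in parse_callmanager_event(SAMPLE).items():
        print(f"{key}: {value}")
```

A payload that still raises `ValueError` after pasting has usually lost or gained characters beyond line breaks, so compare it against the sample before troubleshooting the log source itself.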