Juniper Networks Firewall sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Juniper Networks Firewall and VPN sample message when you use the syslog protocol

The following sample event message shows that a user is successfully added to a group.

<164>TSSP-IM-VFW-008: NetScreen device_id=TSSP-IM-VFW-008  [Root]system-warning-00515: Admin user expect has logged on via Telnet from 10.12.2.5:37314 (2012-07-25 11:50:21)
Table 1. Highlighted fields
QRadar field name Highlighted payload field name
Source IP 10.12.2.5
Source Port 37314
Event Category NetScreen device_id
Event Name Admin + logged on via Telnet
Event ID Admin + user + logged on via Telnet