Juniper Networks Firewall sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Juniper Networks Firewall and VPN sample message when you use the syslog protocol
The following sample event message shows that a user is successfully added to a group.
<164>TSSP-IM-VFW-008: NetScreen device_id=TSSP-IM-VFW-008 [Root]system-warning-00515: Admin user expect has logged on via Telnet from 10.12.2.5:37314 (2012-07-25 11:50:21)
QRadar field name | Highlighted payload field name |
---|---|
Source IP | 10.12.2.5 |
Source Port | 37314 |
Event Category | NetScreen device_id |
Event Name | Admin + logged on via Telnet |
Event ID | Admin + user + logged on via Telnet |