Cisco Identity Services Engine sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage returns or line feed characters.

Cisco Identity Services Engine sample message when you use the UDP multiline syslog protocol

The following sample event shows that the endpoint failed authentication several times for the same scenario and was rejected.

<181>Aug  9 07:36:33 cisco.ise.test CISE_Failed_Attempts 0038700411 4 0 2018-08-09 07:36:33.085 +00:00 0762919669 5449 NOTICE RADIUS: Endpoint failed authentication of the same scenario several times and was rejected, ConfigVersionId=582, Device IP Address=172.23.104.125, Device Port=43017, DestinationIPAddress=172.23.100.5, DestinationPort=1812, RadiusPacketType=AccessRequest, UserName=qradar, Protocol=Radius, NetworkDeviceName=TE-ST-TES-TTE-ST1, User-Name=12a3412341b2 NAS-IP-Address=172.23.104.125, NAS-Port=8, Service-Type=Framed, Framed-MTU=1300, State=37CPMSessionID=7d6817ac01e6f8114dee6bb\;42SessionID=cisco.ise.test/319421106/32782955\;, Called-Station-ID=00-00-5E-00-53-83:LOFIMO, Calling-Station-ID=00-00-5E-00-53-A2, NAS-Identifier=TE-ST-TES-TTE-ST1 Acct-Session-Id=5b6bee4d/00:00:5E:00:53:64/33045704, NAS-Port-Type=Wireless - IEEE 802.11, Tunnel-Type=(tag=0) VLAN, Tunnel-Medium-Type=(tag=0) 802, Tunnel-Private-Group-ID=(tag=0) 40, Chargeable-User-Identity=\}, Location-Capable=00:00:00:01,