Cisco Identity Services Engine sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage returns or line feed characters.
Cisco Identity Services Engine sample message when you use the UDP multiline syslog protocol
The following sample event shows that the endpoint failed authentication several times for the same scenario and was rejected.
<181>Aug 9 07:36:33 cisco.ise.test CISE_Failed_Attempts 0038700411 4 0 2018-08-09 07:36:33.085 +00:00 0762919669 5449 NOTICE RADIUS: Endpoint failed authentication of the same scenario several times and was rejected, ConfigVersionId=582, Device IP Address=172.23.104.125, Device Port=43017, DestinationIPAddress=172.23.100.5, DestinationPort=1812, RadiusPacketType=AccessRequest, UserName=qradar, Protocol=Radius, NetworkDeviceName=TE-ST-TES-TTE-ST1, User-Name=12a3412341b2 NAS-IP-Address=172.23.104.125, NAS-Port=8, Service-Type=Framed, Framed-MTU=1300, State=37CPMSessionID=7d6817ac01e6f8114dee6bb\;42SessionID=cisco.ise.test/319421106/32782955\;, Called-Station-ID=00-00-5E-00-53-83:LOFIMO, Calling-Station-ID=00-00-5E-00-53-A2, NAS-Identifier=TE-ST-TES-TTE-ST1 Acct-Session-Id=5b6bee4d/00:00:5E:00:53:64/33045704, NAS-Port-Type=Wireless - IEEE 802.11, Tunnel-Type=(tag=0) VLAN, Tunnel-Medium-Type=(tag=0) 802, Tunnel-Private-Group-ID=(tag=0) 40, Chargeable-User-Identity=\}, Location-Capable=00:00:00:01,