F5 Networks BIG-IP LTM sample event messages
Use these sample event messages to verify a successful integration with QRadar®.
Important: The sample messages may wrap when rendered. Paste each message into a text editor and remove any carriage-return or line-feed characters before you use it, so that the event arrives as a single syslog line.
F5 Networks BIG-IP LTM sample event messages when you use the Syslog protocol
Sample 1: The following sample event message shows a Pool member's monitor status.
<133>Nov 5 14:01:50 f5networks.bigip.test notice mcpd[5281]: 01070638:5: Pool member 2001:20:5004:1606::89:8790 monitor status down.
| QRadar field name | Value extracted from the event payload |
|---|---|
| Event ID | 01070638 |
| Destination IP v6 | 2001:20:5004:1606::89 |
| Destination Port | 8790 |
| Device Time | Nov 5 14:01:50 |
Sample 2: The following sample event message shows that IP-INTELLIGENCE accepted a packet.
<134>Apr 23 08:16:55 f5networks.bigip.test info tmm[1286]: 23003142 "","10.240.252.242","hostname.test","","","","Virtual Server","/Common/TEST-TESTA.AA.local_HTTPS_VIP","/Common/IP-Intelligence-ALL","192.168.146.233","10.243.32.100","47707","443","/Common/VLAN-332","TCP","0","scanners,windows_exploits,spam_sources","Accept","custom_category","","","","","","","","","","0000000000000000"
| QRadar field name | Value extracted from the event payload |
|---|---|
| Event ID | Accept |
| Source IP | 192.168.146.233 |
| Source Port | 47707 |
| Destination IP | 10.243.32.100 |
| Destination Port | 443 |
| Protocol | TCP |
| Device Time | Apr 23 08:16:55 |
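The following parser is an added example, not QRadar's DSM code or anything published by F5. It reads both samples above and pulls out the same fields the tables list, so you can check a received event against the expected values before looking at the QRadar log source. It also decodes the syslog `<PRI>` header and confirms that the numeric severity (133 → notice, 134 → info) agrees with the text label BIG-IP writes. The positional layout of the IP-Intelligence CSV record (source IP at index 9, destination IP at index 10, and so on) is assumed from Sample 2 alone; on a real system that record follows the log-profile format the administrator configured. The wrapped copy of Sample 2 is constructed here to show the carriage-return/line-feed cleanup the note at the top of this page asks for.

```python
"""Parse the F5 BIG-IP LTM sample events from this page into QRadar-style fields.

Example code added to this page (not IBM or F5 code). Field positions for the
IP-Intelligence CSV record are an assumption read off Sample 2.
"""
import csv
import re

# Constructed copies of the two samples. Sample 2 is deliberately broken across
# lines to mimic what a copy-paste from the rendered page looks like.
SAMPLE_POOL = (
    "<133>Nov 5 14:01:50 f5networks.bigip.test notice mcpd[5281]: "
    "01070638:5: Pool member 2001:20:5004:1606::89:8790 monitor status down."
)
SAMPLE_IPI_WRAPPED = (
    '<134>Apr 23 08:16:55 f5networks.bigip.test info tmm[1286]: 23003142 "","10.240.252.242",'
    '"hostname.test","","","","Virtual Server","/Common/TEST-TESTA.AA.local_HTTPS_VIP",\r\n'
    '"/Common/IP-Intelligence-ALL","192.168.146.233","10.243.32.100","47707","443",\n'
    '"/Common/VLAN-332","TCP","0","scanners,windows_exploits,spam_sources","Accept",'
    '"custom_category","","","","","","","","","","0000000000000000"'
)

# RFC 3164-style header as BIG-IP emits it: <PRI>Mon D HH:MM:SS host severity proc[pid]: body
# Note the timestamp carries no year and no timezone; QRadar must supply both.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<sev>\w+) (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<body>.*)$"
)
# mcpd pool-member monitor message: "<8-hex-id>:<level>: Pool member <addr>:<port> monitor status <state>."
POOL_RE = re.compile(
    r"^(?P<event_id>[0-9A-Fa-f]{8}):(?P<level>\d+): Pool member (?P<member>\S+) "
    r"monitor status (?P<state>\w+)\.$"
)
SYSLOG_SEVERITY = {0: "emerg", 1: "alert", 2: "crit", 3: "err",
                   4: "warning", 5: "notice", 6: "info", 7: "debug"}
# Assumed positional layout of the IP-Intelligence CSV record (from Sample 2 only).
IPI_FIELDS = {9: "src_ip", 10: "dst_ip", 11: "src_port", 12: "dst_port",
              14: "protocol", 16: "categories", 17: "event_id"}


def normalize(raw: str) -> str:
    """Strip CR/LF characters introduced by copy-paste wrapping, per the page's note."""
    return raw.replace("\r", "").replace("\n", "")


def split_host_port(member: str) -> tuple:
    """'2001:20:5004:1606::89:8790' -> ('2001:20:5004:1606::89', 8790).

    BIG-IP writes IPv6 pool members without brackets, so the port is whatever
    follows the last colon; everything before it is the address.
    """
    host, port = member.rsplit(":", 1)
    return host, int(port)


def parse_event(raw: str) -> dict:
    """Return the QRadar-relevant fields of one BIG-IP LTM syslog event."""
    line = normalize(raw)
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a BIG-IP syslog line: %r" % line[:60])
    pri = int(m["pri"])
    event = {
        "device_time": m["ts"],
        "host": m["host"],
        "process": m["proc"],
        "pid": int(m["pid"]),
        "facility": pri >> 3,          # 133 and 134 both decode to facility 16 (local0)
        "severity": pri & 7,
        "pri_consistent": SYSLOG_SEVERITY[pri & 7] == m["sev"],  # label matches <PRI>?
    }
    body = m["body"]
    pool = POOL_RE.match(body) if m["proc"] == "mcpd" else None
    if pool:
        event["event_id"] = pool["event_id"]
        event["dst_ip"], event["dst_port"] = split_host_port(pool["member"])
        event["monitor_state"] = pool["state"]
    elif m["proc"] == "tmm" and body.startswith("23003142 "):
        # Message ID, then a quoted CSV record. csv.reader keeps the quoted,
        # comma-bearing category list ("scanners,windows_exploits,spam_sources") as one field.
        msg_id, _, record = body.partition(" ")
        fields = next(csv.reader([record]))
        event["message_id"] = msg_id
        for idx, name in IPI_FIELDS.items():
            event[name] = fields[idx]
        event["src_port"] = int(event["src_port"])
        event["dst_port"] = int(event["dst_port"])
        event["categories"] = event["categories"].split(",")
    else:
        event["body"] = body           # unknown message: keep the raw body for inspection
    return event


if __name__ == "__main__":
    for sample in (SAMPLE_POOL, SAMPLE_IPI_WRAPPED):
        for key, value in sorted(parse_event(sample).items()):
            print(f"{key:>15}: {value}")
        print()
```

Run it as-is to see both samples decoded. When a real event from your BIG-IP does not parse, the first thing to compare is the header shape (severity label, `process[pid]:`) and, for IP-Intelligence events, the field order of the log profile on the device, since that order is what the positional map above assumes.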