F5 Networks BIG-IP LTM sample event messages

Use these sample event messages to verify that the F5 Networks BIG-IP LTM integration with QRadar® is working: send each sample to the log source and confirm that QRadar parses the fields listed in the tables.

Important: Because of page formatting, a sample payload might wrap onto several lines. Paste the message into a text editor and remove any carriage return or line feed characters before you use it; a stray line break inside the payload prevents it from parsing as a single event.

F5 Networks BIG-IP LTM sample event messages when you use the Syslog protocol

Sample 1: The following sample event message from mcpd shows a pool member's monitor status changing to down.

<133>Nov  5 14:01:50 f5networks.bigip.test notice mcpd[5281]: 01070638:5: Pool member 2001:20:5004:1606::89:8790 monitor status down.
Table 1. Highlighted fields

    QRadar field name     Highlighted payload field name
    Event ID              01070638 is extracted from the event.
    Destination IP v6     2001:20:5004:1606::89 is extracted from the event.
    Destination Port      8790 is extracted from the event.
    Device Time           Nov 5 14:01:50 is extracted from the event.

Sample 2: The following sample event message from tmm shows an IP Intelligence policy logging an Accept action for a source address that matched the scanners, windows_exploits and spam_sources categories. Note that QRadar uses the policy action (Accept), not the 23003142 message ID, as the event ID.

<134>Apr 23 08:16:55 f5networks.bigip.test info tmm[1286]: 23003142 "","10.240.252.242","hostname.test","","","","Virtual Server","/Common/TEST-TESTA.AA.local_HTTPS_VIP","/Common/IP-Intelligence-ALL","192.168.146.233","10.243.32.100","47707","443","/Common/VLAN-332","TCP","0","scanners,windows_exploits,spam_sources","Accept","custom_category","","","","","","","","","","0000000000000000"
Table 2. Highlighted fields

    QRadar field name     Highlighted payload field name
    Event ID              Accept is extracted from the event.
    Source IP             192.168.146.233 is extracted from the event.
    Source Port           47707 is extracted from the event.
    Destination IP        10.243.32.100 is extracted from the event.
    Destination Port      443 is extracted from the event.
    Protocol              TCP is extracted from the event.
    Device Time           Apr 23 08:16:55 is extracted from the event.
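The following parser, added here as an example and not part of the QRadar DSM or F5 code, extracts the fields in Table 1 and Table 2 from the two samples above so that you can check a log line locally before sending it to QRadar. The two sample lines are copied from this page and embedded as constructed input. Two details matter: BIG-IP writes IPv6 pool members as address:port with no brackets, so the port has to be split off at the last colon, and the tmm IP Intelligence body is quoted CSV in which the category list itself contains commas, so it must be parsed with a CSV reader rather than a plain split. Column positions for the QRadar-mapped fields come from Table 2; the policy and categories columns are assumptions read from the sample, and the facility/severity decode is standard syslog PRI arithmetic.

```python
import csv
import re

# Constructed sample lines, copied from Sample 1 and Sample 2 above (not live device output).
SAMPLE_1 = (
    "<133>Nov  5 14:01:50 f5networks.bigip.test notice mcpd[5281]: "
    "01070638:5: Pool member 2001:20:5004:1606::89:8790 monitor status down."
)
SAMPLE_2 = (
    '<134>Apr 23 08:16:55 f5networks.bigip.test info tmm[1286]: 23003142 '
    '"","10.240.252.242","hostname.test","","","","Virtual Server",'
    '"/Common/TEST-TESTA.AA.local_HTTPS_VIP","/Common/IP-Intelligence-ALL",'
    '"192.168.146.233","10.243.32.100","47707","443","/Common/VLAN-332",'
    '"TCP","0","scanners,windows_exploits,spam_sources","Accept",'
    '"custom_category","","","","","","","","","","0000000000000000"'
)

# Syslog header as BIG-IP emits it: <PRI>Mmm dd HH:MM:SS host level process[pid]: message
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<time>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<level>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<msg>.*)$"
)

# mcpd monitor message: <8-hex message id>:<severity>: Pool member <addr>:<port> monitor status <state>.
POOL_RE = re.compile(
    r"^(?P<event_id>[0-9a-fA-F]{8}):\d+: Pool member (?P<endpoint>\S+) "
    r"monitor status (?P<state>\w+)\.$"
)

# Column positions in the tmm IP Intelligence CSV body. The QRadar-mapped fields
# follow Table 2; "policy" and "categories" are assumptions read from the sample.
IPI_COLUMNS = {
    "policy": 8, "source_ip": 9, "dest_ip": 10, "source_port": 11,
    "dest_port": 12, "protocol": 14, "categories": 16, "event_id": 17,
}


def split_endpoint(endpoint):
    """Split an addr:port pair that BIG-IP writes without IPv6 brackets.

    2001:20:5004:1606::89:8790 can only be split safely at the last colon;
    that yields the address and port QRadar shows in Table 1.
    """
    addr, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"no port in endpoint {endpoint!r}")
    return addr, int(port)


def parse_event(line):
    """Return the QRadar-mapped fields (plus some context) for one BIG-IP syslog line."""
    line = line.rstrip("\r\n")  # per the Important note: CR/LF must not reach the parser
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not a BIG-IP syslog line")
    pri = int(m["pri"])
    out = {
        "device_time": " ".join(m["time"].split()),  # "Nov  5" -> "Nov 5", as in Table 1
        "host": m["host"],
        "process": m["proc"],
        "facility": pri // 8,   # standard syslog PRI decode: 133 -> local0 (16)
        "severity": pri % 8,    # 133 -> 5 (notice), 134 -> 6 (info)
    }
    if m["proc"] == "mcpd":
        p = POOL_RE.match(m["msg"])
        if not p:
            raise ValueError("unrecognised mcpd message")
        addr, port = split_endpoint(p["endpoint"])
        out.update(event_id=p["event_id"], dest_ip=addr, dest_port=port, state=p["state"])
    elif m["proc"] == "tmm":
        msg_id, _, body = m["msg"].partition(" ")
        # csv keeps the quoted "scanners,windows_exploits,spam_sources" list as one field
        fields = next(csv.reader([body]))
        out["msg_id"] = msg_id
        for name, idx in IPI_COLUMNS.items():
            out[name] = fields[idx]
        out["source_port"] = int(out["source_port"])
        out["dest_port"] = int(out["dest_port"])
        out["categories"] = out["categories"].split(",")
    else:
        raise ValueError(f"no parser for process {m['proc']}")
    return out


if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2):
        print(parse_event(sample))
```

Running the block prints one dictionary per sample; the severity decoded from the PRI value (5 and 6) should agree with the textual notice and info levels in the header, which is a quick way to catch a relay that rewrote the priority. If your own events fail in `HEADER_RE`, the usual cause is the wrapped payload described in the Important note above.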