Cisco IronPort sample event message

Use this sample event message to verify a successful integration with QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Cisco IronPort sample message when you use the Syslog protocol

The following sample event message shows that authentication failed for an IP address on Cisco IronPort.

<38>Oct 27 10:45:17 cisco.ironport.test proxylogs: Info: PROX_AUTH : 36407 : [22607] Basic Authentication failed for IP: (172.16.0.1)

Table 1. Highlighted fields in the Cisco IronPort event

| QRadar field name | Highlighted payload field name |
| --- | --- |
| Event ID | Login Failed (The value in QRadar is always Login Failed for a payload that contains Basic Authentication failed for IP). |
| Event Category | The value in QRadar is IronPort. |
| Source IP | 172.16.0.1 |
| Log Source Time | Oct 27 10:45:17 |
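
The following Python example is added here and is not QRadar's own DSM code. It strips stray line breaks from a pasted copy of the sample and extracts the fields listed in Table 1, so the values can be compared with what QRadar displays. The function name `parse_ironport`, the dictionary keys and the regular expressions are assumptions of this example; facility and severity are decoded from the `<38>` priority value with the standard syslog encoding.

```python
import ipaddress
import re

# The page's sample, with a CR/LF inserted (constructed) to mimic the paste issue.
SAMPLE = ("<38>Oct 27 10:45:17 cisco.ironport.test proxylogs: Info: PROX_AUTH : "
          "36407 : [22607] Basic Authentication failed\r\n for IP: (172.16.0.1)")

# BSD-syslog style header: <PRI>Mmm dd hh:mm:ss host tag: message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<time>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$")
AUTH_FAIL = re.compile(r"Basic Authentication failed for IP: \((?P<ip>[^)]*)\)")


def parse_ironport(raw):
    """Return the Table 1 fields for one event, or None if the header is invalid."""
    line = raw.replace("\r", "").replace("\n", "")  # step from the Important note
    m = HEADER.match(line)
    if m is None or int(m["pri"]) > 191:  # 191 is the largest valid PRI
        return None
    pri = int(m["pri"])
    event = {
        "facility": pri >> 3,   # PRI = facility * 8 + severity
        "severity": pri & 7,
        "log_source_time": m["time"],
        "host": m["host"],
        "event_category": "IronPort",
        "event_id": None,
        "source_ip": None,
    }
    hit = AUTH_FAIL.search(m["msg"])
    if hit:
        event["event_id"] = "Login Failed"
        try:  # only report an address that actually parses as an IP
            event["source_ip"] = str(ipaddress.ip_address(hit["ip"]))
        except ValueError:
            pass
    return event


if __name__ == "__main__":
    for key, value in parse_ironport(SAMPLE).items():
        print(f"{key}: {value}")
```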